Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to achieve dynamic dropdown all option?

Aroot002
Path Finder
‎10-24-2022 12:11 PM

So I've searched and searched but can't seem to find an answer to my issue. I need to add an all option to my dynamic dropdown. I have found answers that seem like they should be simple enough. Either add All, * to static or alter the XML code. I've tried both, (I think when I altered the XML code it pretty much caused the dropdown to be the exact same way as it was had I just added the options to the static section) and each time I am getting a "search string cannot be empty" error. Don't know if it matters but I did watch a couple youtube videos, their search used | table fieldname | dedup fieldname at the end, when I did that I got the same issue, but now all the field values are grouped together, so I'm doing | stats count by fieldname at the end

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

johnhuang
Motivator
‎10-24-2022 12:45 PM

This is how I would typically configure it:

johnhua_0-1666640560928.png

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

johnhuang
Motivator
‎10-24-2022 12:45 PM

This is how I would typically configure it:

johnhua_0-1666640560928.png

 

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 12:52 PM

Same issue, says that it's ignoring search expansion due to error "search string cannot be empty"

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:10 PM

Could you click on the magnifying glass to "Open in search" and provide the query?

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 01:16 PM

I'm actually working on my other computer, but I did click the glass, I got the same error when the search opened, could this be more of a log issue? I actually swapped it out for another field and did not get the error.

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:19 PM

I think it's more of a query issue - could you provide a sample of the query when open to a new search?

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 01:23 PM

I actually just did a simple search to test it out. index=index_name source_type=windows fieldname=* and that got the error. Also tried with quotation marks. But if I change the fieldname to a different one I don't get that error. I don't have a lot of experience in this so I immediately assumed it was something I am doing.

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:26 PM

Just to confirm,

You ran:

index=index_name source_type=windows fieldname=*

and got an error "search string cannot be empty"? 

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-24-2022 01:29 PM

Yes, the error is "Ignoring fieldname "value1" for search expansion due to error="search string cannot be empty"

"Ignoring fieldname "value2" for search expansion due to error="search string cannot be empty"

0 Karma
Reply
Solved! Jump to solution

johnhuang
Motivator
‎10-24-2022 01:40 PM

If possible, could you provide a screenshot.

0 Karma
Reply
Solved! Jump to solution

Aroot002
Path Finder
‎10-26-2022 02:34 PM

I'm actually accepting your first response as a solution... essentially your answer was the correct one. My problem was being caused by an underlying issue with the logs I am querying.

Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top