Solved: How to create a dynamic drop-down based on field?

klemenvezjak · ‎03-16-2016

Hi,
I wan to create one drop-down based on field (this field is host - IP address). So I want to find all hosts on port 4545 (source="tcp:4545") and put them (their IP addresses) in the drop-down menu. Once the user has selected one of the IP addresses from the drop-down menu, I will call this search string: source="tcp:4545" host="selected_ip_address".

My question is how can I create a dynamic drop-down menu based on host field? I need help only for dynamic filling drop-down menu - if it is possible.

Thanks,
Klemen

ohoppe · ‎03-16-2016

Hi,

here you go.

<form>
  <label>foobar</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="ip">
      <label>IP</label>
      <search>
        <query>|metasearch source="tcp:4545" | dedup host| stats count by host</query>
      </search>
      <fieldForLabel>host</fieldForLabel>
      <fieldForValue>host</fieldForValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <title>foo</title>
        <search>
          <query>index=_internal source="tcp:4545" host=$ip$</query>
          <earliest>0</earliest>
          <latest></latest>
        </search>
        <option name="count">10</option>
        <option name="list.drilldown">full</option>
        <option name="list.wrap">1</option>
        <option name="maxLines">5</option>
        <option name="raw.drilldown">full</option>
        <option name="rowNumbers">0</option>
        <option name="table.drilldown">all</option>
        <option name="table.wrap">1</option>
        <option name="type">list</option>
        <fields>["host","source","sourcetype"]</fields>
      </event>
    </panel>
  </row>
</form>

BR
Oliver

View solution in original post

ohoppe · ‎03-16-2016

Hi,

here you go.

<form>
  <label>foobar</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="ip">
      <label>IP</label>
      <search>
        <query>|metasearch source="tcp:4545" | dedup host| stats count by host</query>
      </search>
      <fieldForLabel>host</fieldForLabel>
      <fieldForValue>host</fieldForValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <title>foo</title>
        <search>
          <query>index=_internal source="tcp:4545" host=$ip$</query>
          <earliest>0</earliest>
          <latest></latest>
        </search>
        <option name="count">10</option>
        <option name="list.drilldown">full</option>
        <option name="list.wrap">1</option>
        <option name="maxLines">5</option>
        <option name="raw.drilldown">full</option>
        <option name="rowNumbers">0</option>
        <option name="table.drilldown">all</option>
        <option name="table.wrap">1</option>
        <option name="type">list</option>
        <fields>["host","source","sourcetype"]</fields>
      </event>
    </panel>
  </row>
</form>

BR
Oliver

somesoni2 · ‎03-16-2016

You can also use this for your dropdown search (may be faster)

| tstats count WHERE index=_internal source="tcp:4545" by host | table host

klemenvezjak · ‎03-17-2016

Ok, I will try. Thanks

klemenvezjak · ‎03-16-2016

Great, thank you. It is very easy, but I am just a beginner in Splunk.

Best regards,
Klemen

How to create a dynamic drop-down based on field?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!