Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to create a dynamic drop-down based on field?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
klemenvezjak
Explorer
03-16-2016
05:19 AM
Hi,
I wan to create one drop-down based on field (this field is host - IP address). So I want to find all hosts on port 4545 (source="tcp:4545") and put them (their IP addresses) in the drop-down menu. Once the user has selected one of the IP addresses from the drop-down menu, I will call this search string: source="tcp:4545" host="selected_ip_address".
My question is how can I create a dynamic drop-down menu based on host field? I need help only for dynamic filling drop-down menu - if it is possible.
Thanks,
Klemen
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ohoppe
Path Finder
03-16-2016
06:22 AM
Hi,
here you go.
<form>
<label>foobar</label>
<fieldset submitButton="false">
<input type="dropdown" token="ip">
<label>IP</label>
<search>
<query>|metasearch source="tcp:4545" | dedup host| stats count by host</query>
</search>
<fieldForLabel>host</fieldForLabel>
<fieldForValue>host</fieldForValue>
</input>
</fieldset>
<row>
<panel>
<event>
<title>foo</title>
<search>
<query>index=_internal source="tcp:4545" host=$ip$</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="count">10</option>
<option name="list.drilldown">full</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">full</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.wrap">1</option>
<option name="type">list</option>
<fields>["host","source","sourcetype"]</fields>
</event>
</panel>
</row>
</form>
BR
Oliver
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ohoppe
Path Finder
03-16-2016
06:22 AM
Hi,
here you go.
<form>
<label>foobar</label>
<fieldset submitButton="false">
<input type="dropdown" token="ip">
<label>IP</label>
<search>
<query>|metasearch source="tcp:4545" | dedup host| stats count by host</query>
</search>
<fieldForLabel>host</fieldForLabel>
<fieldForValue>host</fieldForValue>
</input>
</fieldset>
<row>
<panel>
<event>
<title>foo</title>
<search>
<query>index=_internal source="tcp:4545" host=$ip$</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="count">10</option>
<option name="list.drilldown">full</option>
<option name="list.wrap">1</option>
<option name="maxLines">5</option>
<option name="raw.drilldown">full</option>
<option name="rowNumbers">0</option>
<option name="table.drilldown">all</option>
<option name="table.wrap">1</option>
<option name="type">list</option>
<fields>["host","source","sourcetype"]</fields>
</event>
</panel>
</row>
</form>
BR
Oliver
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
03-16-2016
06:56 AM
You can also use this for your dropdown search (may be faster)
| tstats count WHERE index=_internal source="tcp:4545" by host | table host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
klemenvezjak
Explorer
03-17-2016
02:56 AM
Ok, I will try. Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
klemenvezjak
Explorer
03-16-2016
06:54 AM
Great, thank you. It is very easy, but I am just a beginner in Splunk.
Best regards,
Klemen
Get Updates on the Splunk Community!
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0
Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
