Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: How to extract unique values from a column int...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to extract unique values from a column into a drop-down menu?
smhsplunk
Communicator
04-25-2016
06:51 AM
Trying to extract unique values from a column and display them in the drop-down menu:
index=main source=traffic_information
| search * traffic_location
| fields traffic_location
| dedup traffic_location
| eval traffic_location=split(traffic_location, " ")
| eval field1=mvindex(traffic_location,0)
| stats values(field1)
So far I don't see anything, but this works perfectly fine when I use the same command in Splunk search, but in a dashboard, it doesn't work.
Please help.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
04-25-2016
07:55 AM
Your search gives a multivalued field with name 'values(field1)' and you must be selecting 'field1' as fieldForDisplay/fieldForValue. Update the query like this
Updated
index=main source=traffic_information
| search * traffic_location
| stats count by traffic_location
| eval traffic_location=mvindex(split(traffic_location, " "),0)
| stats count by traffic_location
| table traffic_location
Now use traffic_location as fieldForDisplay/fieldForValue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
smhsplunk
Communicator
04-25-2016
08:23 AM
<fieldset submitButton="true" autoRun="true">
<input type="dropdown" token="field1">
<search>
<query>index=main source=traffic_information
| search * traffic_location
| stats count by traffic_location
| eval field1=mvindex(split(traffic_location," "),0)
| dedup field1
| table field1</query>
</search>
<fieldsForLabel>field1</fieldsForLabel>
<fieldsForValue>field1</fieldsForValue>
</input>
</fieldset>
Still shows duplicate values causing conflicts, no data.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
04-25-2016
08:48 AM
try the updated answer
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
