Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to get a populatingSearch to dynamically popul...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cjrash1
Engager
06-13-2016
07:23 PM
All -
I have been trying to implement the findings from a few other posts, but I just cannot get this figured out. I am trying to populate a drop-down based on active DHCP requests. I can get the list of IPs with this search:
index=bro sourcetype=bro_dhcp | sort by src_ip | dedup src_ip | table src_ip
BUT I cannot get it to implement in the drop-down menu.
I have done massive amounts of deleting, and this is what I am left with:
<label>DNS Requests By IP</label>
<fieldset submitButton="false" autoRun="false">
<input type="dropdown" token="inIP">
<label>Current DHCP Leases: </label>
<populatingSearch fieldForValue="src_ip" fieldForLabel="src_ip">
sourcetype=bro_dhcp | fields src_ip | dedup src_ip
</populatingSearch>
</input>
</fieldset>
</form>
Any help would be amazing.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
06-13-2016
09:06 PM
Try this
<label>DNS Requests By IP</label>
<fieldset submitButton="false" autoRun="false">
<input type="dropdown" token="inIP">
<label>Current DHCP Leases: </label>
<search>
<query>
sourcetype=bro_dhcp | fields src_ip | dedup src_ip
</query>
</search>
<fieldForLabel>src_ip</fieldForLabel>
<fieldForValue>src_ip</fieldForValue>
</input>
</fieldset>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
06-13-2016
09:06 PM
Try this
<label>DNS Requests By IP</label>
<fieldset submitButton="false" autoRun="false">
<input type="dropdown" token="inIP">
<label>Current DHCP Leases: </label>
<search>
<query>
sourcetype=bro_dhcp | fields src_ip | dedup src_ip
</query>
</search>
<fieldForLabel>src_ip</fieldForLabel>
<fieldForValue>src_ip</fieldForValue>
</input>
</fieldset>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cjrash1
Engager
06-14-2016
04:56 AM
Awesome. I only had to make one edit and it worked. Added the index into the search
index=bro sourcetype=bro_dhcp earliest=-7d| fields + src_ip | dedup src_ip | sort by src_ip
Get Updates on the Splunk Community!
.conf25 Community Recap
Hello Splunkers,
And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...
Splunk App Developers | .conf25 Recap & What’s Next
If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...
Congratulations to the 2025-2026 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
