Dashboards & Visualizations

How to get a populatingSearch to dynamically populate a drop-down menu?

cjrash1
Engager

All -

I have been trying to implement the findings from a few other posts, but I just cannot get this figured out. I am trying to populate a drop-down based on active DHCP requests. I can get the list of IPs with this search:

index=bro sourcetype=bro_dhcp | sort by src_ip | dedup src_ip | table src_ip

BUT I cannot get it to implement in the drop-down menu.

I have done massive amounts of deleting, and this is what I am left with:

  <label>DNS Requests By IP</label>  
  <fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="inIP">
    <label>Current DHCP Leases: </label>
      <populatingSearch fieldForValue="src_ip" fieldForLabel="src_ip">
        sourcetype=bro_dhcp | fields src_ip | dedup src_ip
      </populatingSearch>
 </input> 
  </fieldset>
</form>

Any help would be amazing.

0 Karma
1 Solution

sundareshr
Legend

Try this

<label>DNS Requests By IP</label>
<fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="inIP">
        <label>Current DHCP Leases: </label>
        <search>
        <query>
           sourcetype=bro_dhcp | fields src_ip | dedup src_ip
        </query>
        </search>
        <fieldForLabel>src_ip</fieldForLabel>
        <fieldForValue>src_ip</fieldForValue>
    </input>
</fieldset>
</form>

View solution in original post

sundareshr
Legend

Try this

<label>DNS Requests By IP</label>
<fieldset submitButton="false" autoRun="false">
    <input type="dropdown" token="inIP">
        <label>Current DHCP Leases: </label>
        <search>
        <query>
           sourcetype=bro_dhcp | fields src_ip | dedup src_ip
        </query>
        </search>
        <fieldForLabel>src_ip</fieldForLabel>
        <fieldForValue>src_ip</fieldForValue>
    </input>
</fieldset>
</form>

cjrash1
Engager

Awesome. I only had to make one edit and it worked. Added the index into the search
index=bro sourcetype=bro_dhcp earliest=-7d| fields + src_ip | dedup src_ip | sort by src_ip

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...