Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to prevent drop-down form element from using timerangepicker in search?

kb_vells
Path Finder
‎08-18-2014 01:38 AM

index=indexApp with field "officer"
index=indexTeam with fields "officer" and "team id"

indexTeam has been created on 14 August 2014 but the indexApp was created around 2 months ago. I have "team id" drop-down in my dashboard which is used for applying filtering on my dashboard panels. when I use alltime in timerangepicker search, the drop-down is populated with list of teams but when I change the filter to 24hours or yesterday or previous week, the drop-down is empty. The error occurred on 15 Aug 2014. I think the error is related to indexTeam involved in timerangepicker search where index is created only on 14 August. Is there any way to tell drop-down search not to use timerangepicker.

<form>
  <label>App by Team</label>
  <fieldset autoRun="true" submitButton="false">
    <input type="time" searchWhenChanged="true">

    <input type="time" searchWhenChanged="true">
      <label>Time period</label>
      <default/>
    </input>

    <input type="dropdown" token="teamId">
      <label>Team Id</label>
      <prefix>"team id"="</prefix>
      <suffix>"</suffix>
      <populatingSearch fieldForValue="team id" fieldForLabel="team id">
        <![CDATA[index=indexTeam |dedup "team id"|sort "team id"]]>
      </populatingSearch>
      <default/>
      <choice value="">All</choice>
    </input>
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎08-18-2014 06:36 AM

You can add earliest and latest in the base search of your populatingSearch query for dropdown to override the effect of timerangepicker.

e.g. Instead of this (which will with its timerange set from parent timerangepicker)

index=indexTeam |dedup "team id"|sort "team id"

use this.

index=indexTeam latest=now|dedup "team id"|sort "team id"

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎08-18-2014 06:36 AM

You can add earliest and latest in the base search of your populatingSearch query for dropdown to override the effect of timerangepicker.

e.g. Instead of this (which will with its timerange set from parent timerangepicker)

index=indexTeam |dedup "team id"|sort "team id"

use this.

index=indexTeam latest=now|dedup "team id"|sort "team id"
Reply
Solved! Jump to solution

kb_vells
Path Finder
‎08-18-2014 07:49 AM

Absolutely Brilliant Somesh, You saved my day. The fix works perfectly.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...