Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Populating search options in dropdowns--how to invoke?

cmeo
Contributor
‎01-26-2012 06:43 PM

Bit of a documentation fail--from the manual about form dropdowns:

populatingSearch

A search used to generate fields for the drop-down.
Attributes :
    "fieldForValue" : Required. This is the field extracted from the populatingSearch and placed in the value of the generated drop-down option.
    "fieldForLabel" : Required. This is the field extracted from the populatingSearch and placed in the label of the generated drop-down.
    "earliest" : Optional. Earliest time set in Splunk time format.
    "latest" : Optional. Latest time set in Splunk time format.

How do you invoke earliest and latest in this context? I've tried various incantations but a search which takes < 1 second in the search bar takes more than a minute as a populating search. I think the reason is that it's searching 'All time' but I don't seem to able to prevent this.

There are no examples anywhere for this specific usage, that I can find anyway. I've used all the ones I have found in other places, but nothing works.

The rest of the search I'm using works fine, just takes too long.

Tags (2)
Reply

lguinn2
Legend
‎01-26-2012 11:45 PM

Here is a snippet of a simple XML form search. It is not the complete search form. Let me know if you have trouble - I might have slipped and anonymized it wrong. 

<searchTemplate>sourcetype=sendmail mailto="*$email$*"  earliest=-7d@d | stats count by date_day, date_wday</searchTemplate>

<fieldset>
    <input type="dropdown" token="email">
        <label>Select an email address</label>
        <choice value="*">Any</choice>
        <populatingSearch fieldForValue="mailto" fieldForLabel="mailto">
              <![CDATA[sourcetype=sendmail earliest=-7d | stats count by mailto]]>
        </populatingSearch>
    </input>
</fieldset>

I think this is a reasonable example. Note that I added "earliest=" to both searches!

Reply

cmeo
Contributor
‎02-08-2012 05:35 PM

Fine and dandy--dropdown populates instantly or thereabouts.

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...