Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Using a search base with inputlookup, how do I...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rharrisssi
Path Finder
11-04-2015
11:46 AM
I've basically created a base search and am using it with a lookup. The results of the base search are all my regions. However, I want to have an "All" option in the drop-down without updating the lookup table as it's generated hourly.
<search id="regions">
<query>
<![CDATA[
| inputlookup abc_sd_ipam
| stats by abc_region
]]>
</query>
</search>
[...]
<input type="dropdown" token="abc_region" searchWhenChanged="true">
<label>Region</label>
<selectFirstChoice>true</selectFirstChoice>
<allowCustomValues>false</allowCustomValues>
<search base="regions"><query>| table abc_region</query></search>
<fieldForLabel>abc_region</fieldForLabel>
<fieldForValue>abc_region</fieldForValue>
</input>
Can someone assist me with adding a static value to this data set so that "All" is the first value in the drop-down?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rharrisssi
Path Finder
11-04-2015
12:43 PM
This turned out to be the solution:
<input type="dropdown" token="abc_region" searchWhenChanged="true">
<label>Region</label>
<selectFirstChoice>false</selectFirstChoice>
<allowCustomValues>true</allowCustomValues>
<choice value="*">All</choice>
<search base="regions">
<query>| table abc_region</query>
</search>
<fieldForLabel>abc_region</fieldForLabel>
<fieldForValue>abc_region</fieldForValue>
</input>
Notice:
<choice value="*">All</choice>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rharrisssi
Path Finder
11-04-2015
12:43 PM
This turned out to be the solution:
<input type="dropdown" token="abc_region" searchWhenChanged="true">
<label>Region</label>
<selectFirstChoice>false</selectFirstChoice>
<allowCustomValues>true</allowCustomValues>
<choice value="*">All</choice>
<search base="regions">
<query>| table abc_region</query>
</search>
<fieldForLabel>abc_region</fieldForLabel>
<fieldForValue>abc_region</fieldForValue>
</input>
Notice:
<choice value="*">All</choice>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
icyfeverr
Path Finder
11-04-2015
12:41 PM
In your search query you can do something like the below:
| inputlookup abc_sd_ipam | stats by abc_region | append [ | stats count | eval count="All" | rename count AS abc_region ]
Want to give credit to https://answers.splunk.com/answers/41525/add-a-row-to-end-of-table.html
Get Updates on the Splunk Community!
Fastest way to demo Observability
I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...
September Community Champions: A Shoutout to Our Contributors!
As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...
Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps
It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...
