Dashboards & Visualizations

force refresh of dropdown dynamic options

drewski3420
New Member

I have a dropdown input that is getting its values from a dynamic inline search from a lookup.

In a separate panel, I have a text input and a search that adds to the lookup using | outputlookup append=true.

I would like the dropdown to refresh its search results, so that I can select the new item I've just added using the text input.

Is there any way to specify the refresh interval of the dropdown search, or otherwise force the new item to be picked up by the dropdown?

0 Karma

stoutrw
Path Finder

There's a couple ways you can do this. You can use tokens and the "depends" attribute in simplexml. This will run a search any time all of the tokens defined in the "depends" list are specified. You would basically include the token value in your search that populates the lookup. I haven't tested the below, but it should be something similar to this. If you're feeling bold, you can add a custom javascript file to your simplexml dashboard and create your dropdown there with a search manager. It will work the same way with tokens as well.

<input type="text" token="my_token_to_add">
   <label>sourcetype</label>
   <default></default>
   <initialValue>splunkd</initialValue>
</input>
<input type="dropdown" depends="$my_token_to_add$" searchWhenChanged="true">
   <label>My Label</label>
   <search>
      <query> index=_internal | eval myfield="$my_token_to_add$" | outputlookup my_lookup append=true</query>
   <earliest>-5m</earliest>
   <latest>now</latest>
   </search>
</input>

As a side note, you can also add this value in the form itself to refresh periodically.

<form refresh="30">

....

</form>
0 Karma
Get Updates on the Splunk Community!

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...