Solved: How to use the output of the base query in the Inp...

Real_captain · ‎10-15-2024

Hi Team

Is it possible to use the output value of the base query as the drop down values in the input panel.

Example :

<search id="base">

<query>index=ABC | eval fieldA = If (fieldB = "ABC" , fieldB , fieldA )</query>

I want to use the value of the fieldA in the dropdown of the input POH_Group. Below query is not working and i am not getting the values of fieldA in the dropdown of POH_Group:

<input type="dropdown" token="POH_tokenD" searchWhenChanged="true">
<label>POH_Group</label>
<prefix>POH_Group1="</prefix>
<suffix>"</suffix>
<fieldForLabel>POH_Group1</fieldForLabel>
<fieldForValue>POH_Group1</fieldForValue>
<choice value="*">All</choice>
<default>*</default>
<search>
<query> | dedup fieldA | table fieldA
</query>

Can you please help to fix this issue.

gcusello · ‎10-16-2024

Hi @Real_captain ,

when you use a base search, you have to call it in the search tag:

<search base="your_base_search">

Ciao.

Giuseppe

View solution in original post

Real_captain · ‎10-15-2024

@gcusello :
I want to use FieldA :

Will the below query works??

<input type="dropdown" token="POH_tokenD" searchWhenChanged="true">
<label>POH_Group</label>
<prefix>POH_Group1="</prefix>
<suffix>"</suffix>
<fieldForLabel>fieldA</fieldForLabel>
<fieldForValue>fieldA</fieldForValue>
<choice value="*">All</choice>
<default>*</default>
<search>
<query> | dedup fieldA | table fieldA
</query>

Real_captain · ‎10-16-2024

HI @gcusello
After using the correct fieldForLabel , i am not able to fetch the result in the dropdown using the dynamic query:

Query : Field POH_Group1 is fetched by the base query present on the top with the <search id="base">

<input type="dropdown" token="POH_token" depends="$POH_input$" searchWhenChanged="true">
<label>POH_Group</label>
<fieldForLabel>POH_Group1</fieldForLabel>
<fieldForValue>POH_Group1</fieldForValue>
<choice value="*">All</choice>
<default>*</default>
<search>
<query>| dedup POH_Group1 | table POH_Group1</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
</input>

gcusello · ‎10-16-2024

Hi @Real_captain ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello · ‎10-16-2024

Hi @Real_captain ,

when you use a base search, you have to call it in the search tag:

<search base="your_base_search">

Ciao.

Giuseppe

gcusello · ‎10-15-2024

Hi @Real_captain ,

if fieldA is extracted for the data set, in this way you can use it.

Ciao.

Giuseppe

gcusello · ‎10-15-2024

Hi @Real_captain ,

there an error: in the input search you have as output only the fieldA field, but in the FieldForLabel and FieldForValue tags you want to use the POH_Group1 field that isn't in the input search outputs.

Ciao.

Giuseppe

How to use the output of the base query in the Input panel as dropdown ?

proactive Splunk component monitoring

Announcing the Expansion of the Splunk Academic Alliance Program

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)