Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Using more than one dropdown menu for the same search

marinalalves
Engager
‎08-04-2020 07:47 AM

Hello,

I'm trying to configure two different dropdown menus - the idea is to give option to the user, either he picks a value from the first dropdown (all videos - $dropdown_token$) OR he picks one of the top 10 ($field1$).

marinalalves_0-1596552023136.png

 

The problem is I don't seem to know how to insert this information on my visuals - the dashboard keeps running only if I select the first option/dropdown menu.

I tried different ways of writing the query, such as:

<panel>
<single>
<title>Unique Viewers</title>
<search>
<query>index=index Operation="views"
| search ResourceTitle="$dropdown_token$","$field1$"
|stats distinct_count(UserId)</query>
<earliest>$picktime_token.earliest$</earliest>
<latest>$picktime_token.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>

I also tried | search ResourceTitle="$dropdown_token$" OR "$field1$"

I know it's a beginners question but I appreciate if you could help me.

 

THanks

 

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎08-04-2020 07:59 AM

ResourceTitle="$dropdown_token$"  OR ResourceTitle="$field1$"

————————————
If this helps, give a like below.
0 Karma
Reply

marinalalves
Engager
‎08-05-2020 01:44 AM

I tried but it doesn't work - visuals keep waiting for the query to run.

0 Karma
Reply

to4kawa
Ultra Champion
‎08-05-2020 02:09 AM

sample:

<form>
  <label>double dropdown</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="dropdown_token">
      <label>dropdown1</label>
      <fieldForLabel>label</fieldForLabel>
      <fieldForValue>sourcetype</fieldForValue>
      <search>
        <query>| tstats count where index=_internal by sourcetype
| table sourcetype
| eval label=sourcetype</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="field1">
      <label>dropdown2</label>
      <fieldForLabel>label</fieldForLabel>
      <fieldForValue>sourcetype</fieldForValue>
      <search>
        <query>| tstats count where index=_internal by sourcetype
| table sourcetype
| eval label=sourcetype</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="time" token="field3">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <search>
          <query>index=_internal sourcetype=$dropdown_token$ OR sourcetype=$field1$ | head 100</query>
          <earliest>0</earliest>
          <latest></latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="type">list</option>
      </event>
    </panel>
  </row>
</form>

your simpleXML is something wrong.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...