A) To speak to what you can do today:

If you're using the Advanced XML and not the Simple XML, then you can use the SearchBar module. You're already familiar with this UI module because it's the familiar big text box in the main search view and the charting view. It provides a range of autocomplete options, much of which is configurable.

It has a number of relevant params here -- useAssistant, useTypeahead, showCommandHelp, showCommandHistory, assistantDelay and autoOpenAssistant. You can configure these so that typing in the text field shows you only the indexed tokens that match the given prefix, or you can do what the Splunk UI does and provide a combination of prefix search and search syntax assistance.

However, when you use this module in Splunk core UI, it just outputs the entire search and it's very difficult to construct your view such that the text typed is merely a part of a larger search.

You can make this less difficult but still leverage the SearchBar module by using Sideview Utils. What you do then is you have the user type their few tokens into the SearchBar module, you turn off the functionality you dont need (like showCommandHelp and showCommandHistory), you probably apply custom CSS to make the SearchBar look like a more modest text field, and then you plug the searchBar's currently typed text into a larger search using the Sideview "Search" module, as $searchBar$.

So it can be done, but there are some limitations, it might not match exactly what you had in mind and it might be more work than you had in mind.

B) Looking at more long term solution, I've started prototyping this as a new feature and probably a new module for Sideview Utils. ( http://sideviewapps.com/apps/sideview-utils/ )

Broadly speaking you can divide this up into two quite different implementations that look more or less the same to the end-user.

Both of these would look like a textbox, but as you typed into them you would get autocomplete/autosuggest/typehead suggestions or whatever you want to call them. arrowing down or clicking one would then autocomplete that option.

So the difference is, that

1) On the one hand, you have a control that pulls down up to a few thousand individual options in advance. As you type then it just filters those few thousand options. Inherently this option is limited to cases where you only have up to a few thousand options, so there would be a hard ceiling beyond which it could not go....
However, for showing the distinct values of a particular field in a particular search result this is probably just fine...

2) On the other hand there's what the SearchBar does -- on each key press, it goes and asks the server for what tokens there are matching the given prefix. This has no upper limit on the distinct count, but obviously it's complex and limited in many other ways. For instance the SearchBar autocomplete can only get you tokens that are in the Splunk index, and it can not (without a lot of custom development work), get the user extracted field values, or search phrases, or any number of things you might someday want.

If you or anyone else has a detail that would dictate the second approach over the first, let me know and it might change what I work on a bit. Right now I'm planning on implementing the first approach. It'll probably be a new module entirely but it'll have essentially the same configuration params as the existing Pulldown module.

Have a look at this (admittedly older) response to this kind of question:

http://splunk-base.splunk.com/answers/2381/form-input-suggestions-google-suggest

To the best of my knowledge, there isn't yet a better way of achieving what you've requested.