Solved: Re: Dashboard Studio Dropdown default value from l...

splunkuser320 · ‎01-19-2024

I am trying to replace default value of drop down with all the values from a column in lookup table

Example:

Lookup table

Name	log_group
Name 1	Log1
Name 2	log 2
Name 3	log3

I need drop down default taken as log1,log2,log3

dural_yyz · ‎01-19-2024

Ok this is ugly but should be functionable. After researching I wasn't able to find a method to dynamically assign the default value, but you can default to the first value of the search result.

Source Table

Name	Value
Name 01	Value 01
Name 02	value 02
Name 03	value03
Name 04	Value04

Set your data source to pull from a search designed like the following - modify for your needs.

| inputlookup input_test_values.csv 
| stats values(Value) as Value 
| format 
| rename search as Value 
| eval Name="All" 
| table Name Value 
| append
   [| inputlookup input_test_values.csv 
    | table Name Value ]

Search Output:

Name	Value
All	( ( ( Value="Value 01" OR Value="Value04" OR Value="value 02" OR Value="value03" ) ) )
Name 01	Value 01
Name 02	value 02
Name 03	value03
Name 04	Value04

Your inputs config panel to the right should be able to select "First Value" as the default. The search as written can display "All" in the drop down while dynamically building the first value based upon the contents of the lookup no matter how many times it is edited.

The way I have written makes the first value very easy to drop into a subsequent search string. Your needs may vary so you can play with the format command to get that output as you need it specifically.

View solution in original post

yuanliu · ‎01-19-2024

I need drop down default taken as log1,log2,log3

As @dural_yyz hinted at, the actual solution depends very much on how you will use the input token in search. If you want the comma delimited list as part of IN function, you can just use appendpipe.

| inputlookup mylookup
| appendpipe
    [stats values(log_group) as log_group
    | eval Name = "Any", log_group = mvjoin(log_group, ",")]

You get

Name	log_group
Name 1	Log1
Name 2	log2
Name 3	log3
Any	log1,log2,log3

dural_yyz · ‎01-19-2024

Ok this is ugly but should be functionable. After researching I wasn't able to find a method to dynamically assign the default value, but you can default to the first value of the search result.

Source Table

Name	Value
Name 01	Value 01
Name 02	value 02
Name 03	value03
Name 04	Value04

Set your data source to pull from a search designed like the following - modify for your needs.

| inputlookup input_test_values.csv 
| stats values(Value) as Value 
| format 
| rename search as Value 
| eval Name="All" 
| table Name Value 
| append
   [| inputlookup input_test_values.csv 
    | table Name Value ]

Search Output:

Name	Value
All	( ( ( Value="Value 01" OR Value="Value04" OR Value="value 02" OR Value="value03" ) ) )
Name 01	Value 01
Name 02	value 02
Name 03	value03
Name 04	Value04

Your inputs config panel to the right should be able to select "First Value" as the default. The search as written can display "All" in the drop down while dynamically building the first value based upon the contents of the lookup no matter how many times it is edited.

The way I have written makes the first value very easy to drop into a subsequent search string. Your needs may vary so you can play with the format command to get that output as you need it specifically.

Dashboard Studio Dropdown default value from lookup table

lookup

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

Dashboard Studio Dropdown default value from lookup table

lookup

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability