Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to display field values in a dropdown?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to display field values in a dropdown?
navd
New Member
08-06-2018
07:59 AM
I have a field extracted called "IP" , I want to display the values of IP in a dropdown . But I want to do it based on the host selected in the first dropdown .How can I do this ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
08-06-2018
08:58 AM
take a look at my answer here:
https://answers.splunk.com/answers/527016/how-to-create-a-dependent-dropdown-and-multivalue.html
i think it can help overcome your challenge
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
amiftah
Communicator
08-06-2018
08:57 AM
Hi,
Edit your Host dropdown to add a token in token options, edit then the IP dropdown, in the Dynamic options, Add your query in Search String:
index="foo" host=$host_tok|s$ | stats count by "IP"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pradeepkumarg
Influencer
08-06-2018
08:03 AM
What is your search for the IP drop down? You just use the host filter using the token from host drop down in your IP search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
navd
New Member
08-06-2018
08:20 AM
This is the query I am using for IP drop down.
index=$index1$ host=$hostname$|dedup ip
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pradeepkumarg
Influencer
08-06-2018
08:44 AM
Looks like you are going in right direction. Is it not working?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
navd
New Member
08-06-2018
08:46 AM
Yes , I am not seeing any values in dropdown for IP
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pradeepkumarg
Influencer
08-06-2018
08:49 AM
- If you take the query and run it manually with index and host values, do you get results?
- Verify the token names
- Are there any errors?
- Did you see what is the search that got dispatched for your drop down? You should be able to find it in your activity-jobs. This should give you clues on why the search did not return any values to the drop down.
Get Updates on the Splunk Community!
Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco
The Defining Technology Movement of Our Lifetime
The advent of agentic AI is arguably the defining technology ...
Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data
In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...
Your summer travels continue with new course releases
Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
