Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to display field values in a dropdown?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to display field values in a dropdown?
I have a field extracted called "IP" , I want to display the values of IP in a dropdown . But I want to do it based on the host selected in the first dropdown .How can I do this ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
take a look at my answer here:
https://answers.splunk.com/answers/527016/how-to-create-a-dependent-dropdown-and-multivalue.html
i think it can help overcome your challenge
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Edit your Host dropdown to add a token in token options, edit then the IP dropdown, in the Dynamic options, Add your query in Search String:
index="foo" host=$host_tok|s$ | stats count by "IP"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is your search for the IP drop down? You just use the host filter using the token from host drop down in your IP search.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is the query I am using for IP drop down.
index=$index1$ host=$hostname$|dedup ip
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like you are going in right direction. Is it not working?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes , I am not seeing any values in dropdown for IP
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- If you take the query and run it manually with index and host values, do you get results?
- Verify the token names
- Are there any errors?
- Did you see what is the search that got dispatched for your drop down? You should be able to find it in your activity-jobs. This should give you clues on why the search did not return any values to the drop down.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
