How to display field values in a dropdown?

navd · ‎08-06-2018

I have a field extracted called "IP" , I want to display the values of IP in a dropdown . But I want to do it based on the host selected in the first dropdown .How can I do this ?

adonio · ‎08-06-2018

take a look at my answer here:
https://answers.splunk.com/answers/527016/how-to-create-a-dependent-dropdown-and-multivalue.html
i think it can help overcome your challenge

hope it helps

amiftah · ‎08-06-2018

Hi,

Edit your Host dropdown to add a token in token options, edit then the IP dropdown, in the Dynamic options, Add your query in Search String:

index="foo" host=$host_tok|s$ | stats count by "IP"

pradeepkumarg · ‎08-06-2018

What is your search for the IP drop down? You just use the host filter using the token from host drop down in your IP search.

navd · ‎08-06-2018

This is the query I am using for IP drop down.
index=$index1$ host=$hostname$|dedup ip

pradeepkumarg · ‎08-06-2018

Looks like you are going in right direction. Is it not working?

navd · ‎08-06-2018

Yes , I am not seeing any values in dropdown for IP

pradeepkumarg · ‎08-06-2018

If you take the query and run it manually with index and host values, do you get results?
Verify the token names
Are there any errors?
Did you see what is the search that got dispatched for your drop down? You should be able to find it in your activity-jobs. This should give you clues on why the search did not return any values to the drop down.

How to display field values in a dropdown?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms