Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to edit my search to filter and populate an input field only with host names with ABC in the value?

sushmitha_mj
Communicator
‎04-15-2015 07:55 AM

I am trying to populate an input field using the following lines in XML dashboard source 

   <populatingSearch fieldForValue="host" fieldForLabel="host">
    <![CDATA[|metadata type=hosts index=os host="ABC*"]]>
  </populatingSearch>

I am adding host="ABC*" for it to display only host names having ABC, but it is still displaying all the host names. How do I make it display just ABC host names?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎04-15-2015 09:03 AM

Keep it simple and just filter the output of the metadata command with a search command. 

<populatingSearch fieldForValue="host" fieldForLabel="host">
  <![CDATA[|metadata type=hosts index=os | search host="ABC*"]]>
</populatingSearch>

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎04-15-2015 09:03 AM

Keep it simple and just filter the output of the metadata command with a search command. 

<populatingSearch fieldForValue="host" fieldForLabel="host">
  <![CDATA[|metadata type=hosts index=os | search host="ABC*"]]>
</populatingSearch>
Reply
Solved! Jump to solution

sushmitha_mj
Communicator
‎04-15-2015 09:31 AM

@sideview
Works !! Thanks...

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎04-15-2015 09:33 AM

I would like to know if my new proposed answers do not work? thanks

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎04-15-2015 08:11 AM

hi sushmitha_mj,
try this

    <populatingSearch fieldForValue="host" fieldForLabel="host">
     <![CDATA[|metadata type=hosts index=os host=* |stats count (host) | where like(host,"ABC%")]]>
   </populatingSearch>

If this does not work, try to use stats count by host as this:

 <populatingSearch fieldForValue="host" fieldForLabel="host">
         <![CDATA[|metadata type=hosts index=os host=* |stats count by host  | where like(host,"ABC%")]]>
       </populatingSearch>
Reply
Solved! Jump to solution

sushmitha_mj
Communicator
‎04-15-2015 08:52 AM

@gyslainlatsa
Does not work. It does not list the hosts at all. It just lists "all" and when I select that,
all hosts are displayed.

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎04-15-2015 08:55 AM

remove values() and put count() as specified above

0 Karma
Reply
Solved! Jump to solution

sushmitha_mj
Communicator
‎04-15-2015 09:51 AM

@gyslainlatsa
Your second solution also worked!! Thanks...

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...