Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to feed a dropdown list from the search linked to this fropdown list

jip31
Motivator
‎11-02-2020 03:59 AM

Hi

As you can see in my XML I use a dropdown list which is feeded from a csv file

I would like to be able to feed this dropdown list from the stats command there is in my search (stats last(RESPONSIBLE_USER) as "Responsible") in order to have just the "Responsible" items corresponding to my search

How to do this please?

<form stylesheet="format.css">
  <label>Battery</label>...<fieldset submitButton="true">
       <input type="dropdown" token="tok_filterresponsible" searchWhenChanged="true">
      <label>Responsible</label>
      <choice value="*">*</choice>
      <initialValue>*</initialValue>
      <default>*</default>
      <fieldForLabel>RESPONSIBLE_USER</fieldForLabel>
      <fieldForValue>RESPONSIBLE_USER</fieldForValue>
      <search>
        <query>| inputlookup responsible.csv</query>
      </search>
    </input>
  </fieldset>
 
  <row>
    <panel>
      <table>
        <title>/title>
        <search>
          <query>| inputlookup fo_all 
| rename HOSTNAME as host 
| lookup lookup_pana"name0" as host OUTPUT BatteryTemp0 BatteryModel0 CycleCount0 HealthState0 LastRecalibration0 ManufactureDate0 DesignCapacity0 
| lookup lookup_cmdb_fo_all HOSTNAME as host output SITE RESPONSIBLE_USER DEPARTMENT 
| search RESPONSIBLE_USER=$tok_filterresponsible|s$ 
| stats last(RESPONSIBLE_USER) as "Responsible", last(DEPARTMENT) as Department, last(SITE) as Site, last(BatteryModel0) as "Battery model", last(DesignCapacity0) as "Design capacity (mAH)", last(HealthState0) as "Health state (%)", last(CycleCount0) as "Cycle count", 
    last(ManufactureDate0) as "Manufacture date", last(LastRecalibration0) as "Last recalibration" by host 
| rename host as Hostname

As 

Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 04:11 AM

Where is your list of responsible users held? Can you try:

      <search>
        <query>| inputlookup lookup_cmdb_fo_all | fields RESPONSIBLE_USER | dedup RESPONSIBLE_USER</query>
      </search>
0 Karma
Reply

jip31
Motivator
‎11-02-2020 04:47 AM

no

its what I do actually except that I export the result in a lookup (see my code)

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 04:55 AM

Are you saying you use

| inputlookup fo_all 
| rename HOSTNAME as host 
| lookup lookup_pana"name0" as host OUTPUT BatteryTemp0 BatteryModel0 CycleCount0 HealthState0 LastRecalibration0 ManufactureDate0 DesignCapacity0 
| lookup lookup_cmdb_fo_all HOSTNAME as host output SITE RESPONSIBLE_USER DEPARTMENT

to create responsible.csv? If so, why can't you use this query to populate your dropdown (you might want to add fields RESPONSIBLE_USER | dedup RESPONSIBLE_USER)

0 Karma
Reply

jip31
Motivator
‎11-02-2020 05:16 AM

no i use

| inputlookup fo_all 
| dedup RESPONSIBLE_USER 
| table RESPONSIBLE_USER
| sort + RESPONSIBLE_USER
| outputlookup responsible.csv

My question is how to retrieve the "Responsible" field that is stats  in my search in my dropdown list

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 05:29 AM

I am still unsure what you are asking for but can you change the query in your dropdown to

| inputlookup fo_all 
| rename HOSTNAME as host 
| lookup lookup_pana"name0" as host OUTPUT BatteryTemp0 BatteryModel0 CycleCount0 HealthState0 LastRecalibration0 ManufactureDate0 DesignCapacity0 
| lookup lookup_cmdb_fo_all HOSTNAME as host output SITE RESPONSIBLE_USER DEPARTMENT 
| stats last(RESPONSIBLE_USER) as RESPONSIBLE_USER by host 
| fields RESPONSIBLE_USER
| dedup RESPONSIBLE_USER

If so, why doesn't this do the same thing?

| inputlookup fo_all 
| lookup lookup_cmdb_fo_all HOSTNAME output SITE RESPONSIBLE_USER DEPARTMENT 
| stats last(RESPONSIBLE_USER) as RESPONSIBLE_USER by HOSTNAME 
| fields RESPONSIBLE_USER
| dedup RESPONSIBLE_USER
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...