How to feed a dropdown list from the search linked...

jip31 · ‎11-02-2020

Hi

As you can see in my XML I use a dropdown list which is feeded from a csv file

I would like to be able to feed this dropdown list from the stats command there is in my search (stats last(RESPONSIBLE_USER) as "Responsible") in order to have just the "Responsible" items corresponding to my search

How to do this please?

<form stylesheet="format.css">
  <label>Battery</label>...<fieldset submitButton="true">
       <input type="dropdown" token="tok_filterresponsible" searchWhenChanged="true">
      <label>Responsible</label>
      <choice value="*">*</choice>
      <initialValue>*</initialValue>
      <default>*</default>
      <fieldForLabel>RESPONSIBLE_USER</fieldForLabel>
      <fieldForValue>RESPONSIBLE_USER</fieldForValue>
      <search>
        <query>| inputlookup responsible.csv</query>
      </search>
    </input>
  </fieldset>
 
  <row>
    <panel>
      <table>
        <title>/title>
        <search>
          <query>| inputlookup fo_all 
| rename HOSTNAME as host 
| lookup lookup_pana"name0" as host OUTPUT BatteryTemp0 BatteryModel0 CycleCount0 HealthState0 LastRecalibration0 ManufactureDate0 DesignCapacity0 
| lookup lookup_cmdb_fo_all HOSTNAME as host output SITE RESPONSIBLE_USER DEPARTMENT 
| search RESPONSIBLE_USER=$tok_filterresponsible|s$ 
| stats last(RESPONSIBLE_USER) as "Responsible", last(DEPARTMENT) as Department, last(SITE) as Site, last(BatteryModel0) as "Battery model", last(DesignCapacity0) as "Design capacity (mAH)", last(HealthState0) as "Health state (%)", last(CycleCount0) as "Cycle count", 
    last(ManufactureDate0) as "Manufacture date", last(LastRecalibration0) as "Last recalibration" by host 
| rename host as Hostname

As

ITWhisperer · ‎11-02-2020

Where is your list of responsible users held? Can you try:

      <search>
        <query>| inputlookup lookup_cmdb_fo_all | fields RESPONSIBLE_USER | dedup RESPONSIBLE_USER</query>
      </search>

jip31 · ‎11-02-2020

no

its what I do actually except that I export the result in a lookup (see my code)

ITWhisperer · ‎11-02-2020

Are you saying you use

| inputlookup fo_all 
| rename HOSTNAME as host 
| lookup lookup_pana"name0" as host OUTPUT BatteryTemp0 BatteryModel0 CycleCount0 HealthState0 LastRecalibration0 ManufactureDate0 DesignCapacity0 
| lookup lookup_cmdb_fo_all HOSTNAME as host output SITE RESPONSIBLE_USER DEPARTMENT

to create responsible.csv? If so, why can't you use this query to populate your dropdown (you might want to add fields RESPONSIBLE_USER | dedup RESPONSIBLE_USER)

jip31 · ‎11-02-2020

no i use

| inputlookup fo_all 
| dedup RESPONSIBLE_USER 
| table RESPONSIBLE_USER
| sort + RESPONSIBLE_USER
| outputlookup responsible.csv

My question is how to retrieve the "Responsible" field that is stats in my search in my dropdown list

ITWhisperer · ‎11-02-2020

I am still unsure what you are asking for but can you change the query in your dropdown to

| inputlookup fo_all 
| rename HOSTNAME as host 
| lookup lookup_pana"name0" as host OUTPUT BatteryTemp0 BatteryModel0 CycleCount0 HealthState0 LastRecalibration0 ManufactureDate0 DesignCapacity0 
| lookup lookup_cmdb_fo_all HOSTNAME as host output SITE RESPONSIBLE_USER DEPARTMENT 
| stats last(RESPONSIBLE_USER) as RESPONSIBLE_USER by host 
| fields RESPONSIBLE_USER
| dedup RESPONSIBLE_USER

If so, why doesn't this do the same thing?

| inputlookup fo_all 
| lookup lookup_cmdb_fo_all HOSTNAME output SITE RESPONSIBLE_USER DEPARTMENT 
| stats last(RESPONSIBLE_USER) as RESPONSIBLE_USER by HOSTNAME 
| fields RESPONSIBLE_USER
| dedup RESPONSIBLE_USER

How to feed a dropdown list from the search linked to this fropdown list

other

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk