Splunk Search

How to make Splunk dynamic dropdown with different respective value for every label user chooses from menu?

sdkp03
Communicator

I have a lookup table like below:

label,value

op1,"Option 1"

op2,"Option 2"

op3,"Option 3"

When I try to configure dynamic dropdown, I could keyin search string to fetch value field only. My requirement is to display values and when user chooses a value, respective label should be sent in the backend instead of a static value. Example: If user chooses "Option 2", on submission value op2 should be the value passed instead of the value user chose from the dropdown. 

Labels (1)
Tags (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @sdkp03,

you need to have both the fields in your search:

<input type="dropdown" token="option">
   <label>Choose from options</label>
   <fieldForLabel>labelval</fieldForLabel>
   <fieldForValue>options</fieldForValue>
   <search>
      <query>
         | inputlookup keyvalue_pair.csv 
         | dedup labelval
         | sort labelval
         | table labelval options
      </query>
   </search>
</input>

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @sdkp03,

in the inputs you have two values to insers:

  • label,
  • value.

It's just for your need:

you have to put the field to display in the dropdown in the "label" and the field to pass as token in the "value".

Ciao.

Giuseppe

0 Karma

sdkp03
Communicator

source code:

<input type="dropdown" token="option">

 <label>Choose from options</label>

<fieldForLabel>labelval</fieldForLabel>

<fieldForValue>options</fieldForValue>

<search>

   <query>| inputlookup keyvalue_pair.csv | stats count by value </query>

</search>

</input>

Can you please elaborate how to modify this to set fieldForLabel from search query similar to the fieldForValue.

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @sdkp03,

you need to have both the fields in your search:

<input type="dropdown" token="option">
   <label>Choose from options</label>
   <fieldForLabel>labelval</fieldForLabel>
   <fieldForValue>options</fieldForValue>
   <search>
      <query>
         | inputlookup keyvalue_pair.csv 
         | dedup labelval
         | sort labelval
         | table labelval options
      </query>
   </search>
</input>

Ciao.

Giuseppe

sdkp03
Communicator

perfect, it works like a charm 🙂 Thanks so much for your help. 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...