Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Populating search not working

theouhuios
Motivator
‎12-03-2012 12:32 PM

Hello

I am trying to autopopulate the below input type and its not giving any data in the dropbox. Can anyone please tell me where am I doing a mistake?



*
<![CDATA[earliest=-31d@d sourcetype="incident"|stats count by record.groupArea]]>

alt text

<?xml version='1.0' encoding='utf-8'?>






Reactionary
Cautionary

<input type="dropdown" token="Dept">
  <label>Department: </label>
  <default>*</default>
  <choice value="*">All</choice>
  <choice value="Systems">Systems</choice>
  <choice value="Agency">Agency</choice>
</input>
<input type="dropdown" token="Area">
  <label>Area: </label>
  <default>*</default>
   <populatingSearch fieldforvalue="Area" fieldforlabel="Area"> <![CDATA[earliest=-31d@d sourcetype="incident"|rename record.groupArea as Area |stats count by Area]]> </populatingSearch>
</input>

<input type="text" token="WG">
  <label>WorkGroup: </label>
  <default>*</default>
</input>
<input type="text" token="CI">
  <label>CI: </label>
  <default>*</default>
</input>


Tags (1)
0 Karma
Reply

srowe
Explorer
‎05-01-2013 07:35 AM

also, autorun should be "autoRun" camel case. It took me awhile to realize that!

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-03-2012 01:41 PM

Should be upper case S in populatingSearch

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-12-2012 05:03 PM

Did you have any luck?

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-04-2012 08:31 AM

Check case sensitivity:

fieldForValue= fieldForLabel=

0 Karma
Reply

theouhuios
Motivator
‎12-04-2012 07:40 AM

Updated the initial post. I did try to change the name and try it but it doesn't work.

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-04-2012 07:23 AM

Trying to recreate. Can you add the entire form XML please?

0 Karma
Reply

theouhuios
Motivator
‎12-04-2012 06:21 AM

Any help??

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-03-2012 02:46 PM

I think it might be a problem with the . in the field name.

0 Karma
Reply

theouhuios
Motivator
‎12-03-2012 02:03 PM

That removes the error, but there is no data being populated in the dropdown. Updating the first post with the image of the data

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...