Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Populating search not working

theouhuios
Motivator
‎12-03-2012 12:32 PM

Hello

I am trying to autopopulate the below input type and its not giving any data in the dropbox. Can anyone please tell me where am I doing a mistake?



*
<![CDATA[earliest=-31d@d sourcetype="incident"|stats count by record.groupArea]]>

alt text

<?xml version='1.0' encoding='utf-8'?>






Reactionary
Cautionary

<input type="dropdown" token="Dept">
  <label>Department: </label>
  <default>*</default>
  <choice value="*">All</choice>
  <choice value="Systems">Systems</choice>
  <choice value="Agency">Agency</choice>
</input>
<input type="dropdown" token="Area">
  <label>Area: </label>
  <default>*</default>
   <populatingSearch fieldforvalue="Area" fieldforlabel="Area"> <![CDATA[earliest=-31d@d sourcetype="incident"|rename record.groupArea as Area |stats count by Area]]> </populatingSearch>
</input>

<input type="text" token="WG">
  <label>WorkGroup: </label>
  <default>*</default>
</input>
<input type="text" token="CI">
  <label>CI: </label>
  <default>*</default>
</input>


Tags (1)
0 Karma
Reply

srowe
Explorer
‎05-01-2013 07:35 AM

also, autorun should be "autoRun" camel case. It took me awhile to realize that!

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-03-2012 01:41 PM

Should be upper case S in populatingSearch

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-12-2012 05:03 PM

Did you have any luck?

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-04-2012 08:31 AM

Check case sensitivity:

fieldForValue= fieldForLabel=

0 Karma
Reply

theouhuios
Motivator
‎12-04-2012 07:40 AM

Updated the initial post. I did try to change the name and try it but it doesn't work.

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-04-2012 07:23 AM

Trying to recreate. Can you add the entire form XML please?

0 Karma
Reply

theouhuios
Motivator
‎12-04-2012 06:21 AM

Any help??

0 Karma
Reply

rroberts
Splunk Employee
Splunk Employee
‎12-03-2012 02:46 PM

I think it might be a problem with the . in the field name.

0 Karma
Reply

theouhuios
Motivator
‎12-03-2012 02:03 PM

That removes the error, but there is no data being populated in the dropdown. Updating the first post with the image of the data

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...