Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Drop-down error "Duplicate values causing conflict...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Drop-down error "Duplicate values causing conflict" - Dedup not working?
Svill321
Path Finder
06-07-2017
11:25 AM
Hi everyone,
I'm trying to dynamically populate a dropdown menu with error codes. Obviously, I don't want duplicate values, so I used dedup to remove them:
Error Codes
<panel>
<input type="dropdown" token="error_tok">
<label>field1</label>
<populatingSearch fieldForLabel="name" fieldForValue="name">sourcetype=SOURCE ErrorCode=* |dedup ErrorCode | stats count by ErrorCode</populatingSearch>
<default>*</default>
</input>
<table>
<search>
<query>sourcetype=SOURCE ErrorCode=$error_tok$ | table host ErrorCode</query>
<earliest>-4h@m</earliest>
<latest>now</latest>
</search>
</table>
</panel>
I am still receiving a duplication error from the drop-down, though. Could someone let me know what I'm doing wrong?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
koshyk
Super Champion
11-28-2019
06:35 AM
I know this is an old post, but just adding a sample
Putting an example to make it simpler
- good practice to put "_tok" in the token name, so it is not confused with field/label names
- also try to query wrapped in CDATA just to ensure double quotes, arrow symbols won't cause problems
- uses "search" rather than the deprecated "populatingSearch" notation
- and is a working dashboard (to try out)
sample code
<form>
<label>REMOVE THIS DASHBOARD ANYTIME</label>
<description>Some Description</description>
<fieldset autoRun="false">
<input type="dropdown" token="sourcetype_tok" searchWhenChanged="false">
<label>label_name</label>
<choice value="*">All</choice>
<selectFirstChoice>true</selectFirstChoice>
<search>
<query>
<![CDATA[index=_internal | stats count by sourcetype
]]>
</query>
<earliest>$timeSpan.earliest$</earliest>
<latest>$timeSpan.latest$</latest>
</search>
<fieldForLabel>sourcetype</fieldForLabel>
<fieldForValue>sourcetype</fieldForValue>
</input>
<input type="time" token="timeSpan">
<label>Time Picker</label>
<default>
<earliest>-1h</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<table>
<title>Event Details</title>
<search>
<query>
<![CDATA[index=_internal sourcetype=$sourcetype_tok$
| head 1000
| table _time,index,sourcetype,source,_raw
]]>
</query>
<earliest>$timeSpan.earliest$</earliest>
<latest>$timeSpan.latest$</latest>
</search>
<option name="count">20</option>
</table>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rrovers
Contributor
09-04-2017
01:57 AM
I think you should use fieldForValue="ErrorCode",I think you should use fieldForValue="Errorcode"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Balajiraj
Explorer
06-21-2017
08:30 PM
I see that you have used fieldForLabel and fieldForvalue have same value. Have u tried changing them as mentioned in below post
https://answers.splunk.com/answers/329960/duplicate-values-causing-conflict.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
06-07-2017
11:43 AM
try ... | dedup ErrorCode | table ErrorCode
the stats count by ... gives you 2 columns, ErrorCode and count
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Svill321
Path Finder
06-07-2017
11:51 AM
No, still getting the same issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
06-07-2017
11:57 AM
<panel>
<input type="dropdown" token="error_tok" searchWhenChanged="true">
<label>field1</label>
<choice value="*">ALL</choice>
<fieldForLabel>ErrorCode</fieldForLabel>
<fieldForValue>ErrorCode</fieldForValue>
<search>
<query>sourcetype=SOURCE ErrorCode=* | fields ErrorCode|dedup ErrorCode |table ErrorCode</query>
<earliest>-24h</earliest>
<latest>now</latest>
</search>
<default>*</default>
<initialValue>*</initialValue>
</input>
<table>
<search>
<query>sourcetype=SOURCE ErrorCode=$error_tok$ | table host ErrorCode</query>
<earliest>-4h@m</earliest>
<latest>now</latest>
</search>
</table>
</panel>
Get Updates on the Splunk Community!
Prove Your Splunk Prowess at .conf25—No Prereqs Required!
Your Next Big Security Credential: No Prerequisites Needed
We know you’ve got the skills, and now, earning the ...
Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code
This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Splunk Answers Content Calendar, July Edition I
Hello Community!
Welcome to another month of Community Content Calendar series! For the month of July, we will ...
