This page looks best with JavaScript enabled

Populate input based on dropdown

 ·  ☕ 2 min read  ·  🐨 Puliyo

Splunk is great.

Highly adaptable analyser tool.

However documentation is not that great (or either my searching is not that good).

I’ve wanted to create something as below:

Items of Dropdown A is populated based on user input in Input A.

When you select item in Dropdown A, Input B will be filled based on the selected value.

Then values of Dropdown B will be populated based on value in Input B.

Since dropdowns will get the first available value, chain reation will occur when you insert value to Input A.

e.g.

Insert value to Input A –> populates values for Dropdown A and sets to first value –>

Input B will be assigned based on the value –> populates values for Dropdown B and sets to first value.

Writing here how I achieved this for my future reference:

<panel>
  <title>GROUP B</title>
  <input type="text" token="inputB" searchWhenChanged="false">
    <label>Input B Search</label>
    <change>
      <condition value="">
        <unset token="dropdownB"></unset>
        <set token="inputB">_DO_NOT_SEARCH_</set>
      </condition>
      <condition match="$value$==&quot;*&quot;">
        <set token="dropdownB">*</set>
        <set token="inputB">_DO_NOT_SEARCH_</set>
      </condition>
    </change>
    <default>*</default>
  </input>
  <input type="dropdown" token="dropdownB" searchWhenChanged="true">
    <label>Dropdown B</label>
    <default>*</default>
    <selectFirstChoice>true</selectFirstChoice>
    <search>
      <query>| inputlookup lookupTable2 | search dropdownB="$inputB$" OR name="*$inputB$*"</query>
      <earliest>-24h@h</earliest>
      <latest>now</latest>
      <done>
        <condition match="$job.resultCount$!=0">
          <set token="form.dropdownB">$result.dropdownB$</set><!--required to prevent '*' to remain in dropdown-->
        </condition>
      </done>
    </search>
    <fieldForLabel>name</fieldForLabel>
    <fieldForValue>dropdownB</fieldForValue>
  </input>
</panel>
<panel>
  <title>GROUP A</title>
  <input type="text" token="inputA" searchWhenChanged="false">
    <label>Input A Search</label>
    <change>
      <condition value="">
        <unset token="dropdownA"></unset>
        <set token="inputA">_DO_NOT_SEARCH_</set>
      </condition>
      <condition match="$value$==&quot;*&quot;">
        <set token="dropdownA">*</set>
        <set token="inputA">_DO_NOT_SEARCH_</set>
      </condition>
    </change>
  </input>
  <input type="dropdown" token="dropdownA" searchWhenChanged="true">
    <label>Dropdown A</label>
    <selectFirstChoice>true</selectFirstChoice>
    <search>
      <query>| inputlookup lookupTable1 | search dropdownA="$inputA$" OR name="*$inputA$*"</query>
      <earliest>-24h@h</earliest>
      <latest>now</latest>
      <done>
        <condition match="$job.resultCount$!=0">
          <set token="form.inputB">$result.someValueOfB$</set>
        </condition>
      </done>
    </search>
    <fieldForLabel>name</fieldForLabel>
    <fieldForValue>dropdownA</fieldForValue>
  </input>
</panel>
Share on
Support the author with