New comment on reddit

To make your search faster, do this:

index="suricata" sourcetype="suricata:alert" | stats count by category 

But as to the populating question … these two lines are your problem:

<fieldForLabel>column</fieldForLabel>
<fieldForValue>column</fieldForValue>

There is no field named "column" in your data.

Change it to reference category instead of column:

<fieldForLabel>category</fieldForLabel>
<fieldForValue>category</fieldForValue>

September 21, 2020 at 01:57PM
via reddit https://www.reddit.com/r/Splunk/comments/iwkv5b/why_does_my_dropdown_not_populate_dynamically/g64mzpg?utm_source=ifttt
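
The mismatch described in the comment above, as an added example that is not part of the original comment: a small Python check that flags a dropdown whose fieldForLabel/fieldForValue name a field the populating search never outputs. The token name, label, and the function names `stats_output_fields` and `check_dropdown` are hypothetical, and the check only understands searches whose last command is `stats`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed dashboard input modelled on the thread; token name and label are assumed.
BROKEN = """<input type="dropdown" token="category_tok">
  <label>Category</label>
  <search>
    <query>index="suricata" sourcetype="suricata:alert" | stats count by category</query>
  </search>
  <fieldForLabel>column</fieldForLabel>
  <fieldForValue>column</fieldForValue>
</input>"""
FIXED = BROKEN.replace(">column<", ">category<")


def stats_output_fields(query):
    """Field names produced when the final command is `stats <aggs> [by <fields>]`.
    Simplified: splits on every '|' and ignores quoted pipes and other commands."""
    last = query.split("|")[-1].strip()
    if not last.lower().startswith("stats "):
        return None  # cannot infer the output fields for this search
    parts = re.split(r"\s+by\s+", last[len("stats "):], maxsplit=1, flags=re.IGNORECASE)
    fields = set()
    # Each aggregation is named by its `as` alias, else by its own text (e.g. "count").
    for func, alias in re.findall(r"(\w+(?:\([^)]*\))?)(?:\s+as\s+(\w+))?", parts[0]):
        fields.add(alias or func)
    if len(parts) == 2:
        fields.update(f.strip('"') for f in re.split(r"[,\s]+", parts[1].strip()) if f)
    return fields


def check_dropdown(xml_text):
    """Return (element, field) pairs that name a field the search does not output."""
    root = ET.fromstring(xml_text)
    available = stats_output_fields(root.findtext("search/query", default=""))
    if available is None:
        return []
    problems = []
    for tag in ("fieldForLabel", "fieldForValue"):
        name = (root.findtext(tag) or "").strip()
        if name not in available:
            problems.append((tag, name))
    return problems


if __name__ == "__main__":
    print("broken:", check_dropdown(BROKEN))
    print("fixed: ", check_dropdown(FIXED))
```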