https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639109#M221442 <P>Have a hidden base search that uses the input from the text box and changes the "$host_from_textbox_token$" value from it like this:<BR /><BR /></P><LI-CODE lang="markup">|makeresults | eval host="$host_from_textbox_token$" | lookup dnslookup clienthost AS host OUTPUT clientip AS ipFromHost | lookup dnslookup clientip AS host OUTPUT clienthost AS hostFromIp | rex field=host "(?&lt;barehost&gt;.*?)\.\w+\.\w+$" | eval host = mvappend(host, ipFromHost, hostFromIp, barehost) | table host | format</LI-CODE><P><BR />Then use grab "$result.search$" in the "change" section to set another token and use that one everywhere else.</P> Thu, 06 Apr 2023 23:00:52 GMT woodcock 2023-04-06T23:00:52Z https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639038#M221425 <P>I have a splunk search query which shows the details but the problem here is it only shows the results if the hostname passed in the text box is with fqdn. If hostname entered is without fqdn it won't show any result. How do I make the query to work if I pass abc123.xyz.com or abc123.</P> <P>Apologizes if it's already answered, very new to Splunk.</P> Mon, 10 Apr 2023 16:18:20 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639038#M221425 srv007 2023-04-10T16:18:20Z https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639039#M221426 <P>Correction -</P><P>It's text box pannel and not text book.</P> Thu, 06 Apr 2023 15:54:38 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639039#M221426 srv007 2023-04-06T15:54:38Z https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639043#M221428 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/255618">@srv007</a>&nbsp;,</P><P>are you speaking of a text input panel to perform a search?</P><P>If yes, you can add an asterisk in prefix and suffix:</P><LI-CODE lang="markup"> &lt;input type="text" token="user"&gt; &lt;label&gt;User&lt;/label&gt; &lt;choice value="*"&gt;All&lt;/choice&gt; &lt;default&gt;*&lt;/default&gt; &lt;prefix&gt;user="*&lt;/prefix&gt; &lt;suffix&gt;*"&lt;/suffix&gt; &lt;fieldForLabel&gt;user&lt;/fieldForLabel&gt; &lt;fieldForValue&gt;user&lt;/fieldForValue&gt; &lt;/input&gt;</LI-CODE><P>&nbsp;Ciao.</P><P>Giuseppe</P> Thu, 06 Apr 2023 16:02:16 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639043#M221428 gcusello 2023-04-06T16:02:16Z https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639109#M221442 <P>Have a hidden base search that uses the input from the text box and changes the "$host_from_textbox_token$" value from it like this:<BR /><BR /></P><LI-CODE lang="markup">|makeresults | eval host="$host_from_textbox_token$" | lookup dnslookup clienthost AS host OUTPUT clientip AS ipFromHost | lookup dnslookup clientip AS host OUTPUT clienthost AS hostFromIp | rex field=host "(?&lt;barehost&gt;.*?)\.\w+\.\w+$" | eval host = mvappend(host, ipFromHost, hostFromIp, barehost) | table host | format</LI-CODE><P><BR />Then use grab "$result.search$" in the "change" section to set another token and use that one everywhere else.</P> Thu, 06 Apr 2023 23:00:52 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639109#M221442 woodcock 2023-04-06T23:00:52Z https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639164#M221461 <P>Welcome to Splunk Community&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/255618">@srv007</a>&nbsp;.</P><P>I think answer by&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;should solve your problem. (Basically using wildcard).</P> Fri, 07 Apr 2023 06:22:03 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639164#M221461 VatsalJagani 2023-04-07T06:22:03Z https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639373#M221529 <P>Hello&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/255618">@srv007</a>, I'm a Splunk Community Moderator,</P><P>Kindly accept the answer posted by&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;,&nbsp; as that's the answer to your question.</P><P>On my post, you can add "Karma/Upvote" if you like it. That would be appreciated!!</P><P>&nbsp;</P><P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/255618">@srv007</a>&nbsp;, Happy Splunking!!!</P> Mon, 10 Apr 2023 15:08:09 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-Splunk-search-based-on-textbox-field/m-p/639373#M221529 VatsalJagani 2023-04-10T15:08:09Z