All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SideView Utils ValueSetter Module Delim: Can you use newlines from a textfield value as the delimiter in a ValueSetter Module?

jpass
Contributor
‎08-29-2013 06:52 AM

I'd like to use the new line as a delimiter in a ValueSetter module. The end goal is users, who are afraid of normal syntax, could add search logic per line and I'd use the ValueSetter Module along with the ArrayValueSetter Module to turn the TextField value into a string separated by ORs. For example:

TextField Value:
("192.168.1.1" AND "ausername")
192.168.2.4
("blahblah" AND "foofoo")
"another key phrase"

Then I'd use ValueSetter / ArrayValueSetter to create the following string to be used in a search:

("192.168.1.1" AND "ausername") OR 192.168.2.4 OR ("*blahblah*" AND "*foofoo*") OR "another key phrase"

I know it seems silly to not just have users learn to use the search themselves. Id like to know how to do this. If it's not achievable without custombehavior, I would likely opt for telling users to just insert their own ORs but it would be nice as they could just paste a list of items which sometimes is needed.

Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎08-29-2013 10:02 AM

Yep, you have to use "\n" as the delim.

Check out the following example. $src_ip_search_expression$ comes out as

( src_ip="10.0.0.0/8" OR src_ip="192.168.0.1" )


<module name="TextField"autoRun="True">
  <param name="name">src_ip</param>
  <param name="label">enter multiple IP or CIDR expressions separated by commas</param>
  <param name="rows">5</param>
  <param name="default">10.0.0.0/8
192.168.0.1</param>
  <module name="Button">

    <module name="ValueSetter">
      <param name="name">src_ip_array</param>
      <param name="delim">\n</param>
      <param name="value">$src_ip$</param>

      <module name="ArrayValueSetter">
        <param name="name">src_ip_search_expression</param>
        <param name="array">$src_ip_array$</param>
        <param name="template">src_ip="$value$"</param>
        <param name="separator">+OR+</param>
        <param name="outerTemplate">( $value$ )</param>

        <module name="HTML">
          <param name="html"><![CDATA[

src_ip (The TextField output) = <b>$src_ip$</b><br>
src_ip_array (The ValueSetter's output, which will actually be a JS array) = <b>$src_ip_array$</b><br>
src_ip_search_expression (The ArrayValueSetter's output) = <b>$src_ip_search_expression$</b>


          ]]></param>
        </module>
      </module>
    </module>
  </module>
</module>

The ValueSetter docs can tell you more about delim, and the ArrayValueSetter docs have an example much like this one but where comma is the delim.

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎08-29-2013 10:02 AM

Yep, you have to use "\n" as the delim.

Check out the following example. $src_ip_search_expression$ comes out as

( src_ip="10.0.0.0/8" OR src_ip="192.168.0.1" )


<module name="TextField"autoRun="True">
  <param name="name">src_ip</param>
  <param name="label">enter multiple IP or CIDR expressions separated by commas</param>
  <param name="rows">5</param>
  <param name="default">10.0.0.0/8
192.168.0.1</param>
  <module name="Button">

    <module name="ValueSetter">
      <param name="name">src_ip_array</param>
      <param name="delim">\n</param>
      <param name="value">$src_ip$</param>

      <module name="ArrayValueSetter">
        <param name="name">src_ip_search_expression</param>
        <param name="array">$src_ip_array$</param>
        <param name="template">src_ip="$value$"</param>
        <param name="separator">+OR+</param>
        <param name="outerTemplate">( $value$ )</param>

        <module name="HTML">
          <param name="html"><![CDATA[

src_ip (The TextField output) = <b>$src_ip$</b><br>
src_ip_array (The ValueSetter's output, which will actually be a JS array) = <b>$src_ip_array$</b><br>
src_ip_search_expression (The ArrayValueSetter's output) = <b>$src_ip_search_expression$</b>


          ]]></param>
        </module>
      </module>
    </module>
  </module>
</module>

The ValueSetter docs can tell you more about delim, and the ArrayValueSetter docs have an example much like this one but where comma is the delim.

Reply
Get Updates on the Splunk Community!

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...