All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SideView Utils ValueSetter Module Delim: Can you use newlines from a textfield value as the delimiter in a ValueSetter Module?

jpass
Contributor
‎08-29-2013 06:52 AM

I'd like to use the new line as a delimiter in a ValueSetter module. The end goal is users, who are afraid of normal syntax, could add search logic per line and I'd use the ValueSetter Module along with the ArrayValueSetter Module to turn the TextField value into a string separated by ORs. For example:

TextField Value:
("192.168.1.1" AND "ausername")
192.168.2.4
("blahblah" AND "foofoo")
"another key phrase"

Then I'd use ValueSetter / ArrayValueSetter to create the following string to be used in a search:

("192.168.1.1" AND "ausername") OR 192.168.2.4 OR ("*blahblah*" AND "*foofoo*") OR "another key phrase"

I know it seems silly to not just have users learn to use the search themselves. Id like to know how to do this. If it's not achievable without custombehavior, I would likely opt for telling users to just insert their own ORs but it would be nice as they could just paste a list of items which sometimes is needed.

Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎08-29-2013 10:02 AM

Yep, you have to use "\n" as the delim.

Check out the following example. $src_ip_search_expression$ comes out as

( src_ip="10.0.0.0/8" OR src_ip="192.168.0.1" )


<module name="TextField"autoRun="True">
  <param name="name">src_ip</param>
  <param name="label">enter multiple IP or CIDR expressions separated by commas</param>
  <param name="rows">5</param>
  <param name="default">10.0.0.0/8
192.168.0.1</param>
  <module name="Button">

    <module name="ValueSetter">
      <param name="name">src_ip_array</param>
      <param name="delim">\n</param>
      <param name="value">$src_ip$</param>

      <module name="ArrayValueSetter">
        <param name="name">src_ip_search_expression</param>
        <param name="array">$src_ip_array$</param>
        <param name="template">src_ip="$value$"</param>
        <param name="separator">+OR+</param>
        <param name="outerTemplate">( $value$ )</param>

        <module name="HTML">
          <param name="html"><![CDATA[

src_ip (The TextField output) = <b>$src_ip$</b><br>
src_ip_array (The ValueSetter's output, which will actually be a JS array) = <b>$src_ip_array$</b><br>
src_ip_search_expression (The ArrayValueSetter's output) = <b>$src_ip_search_expression$</b>


          ]]></param>
        </module>
      </module>
    </module>
  </module>
</module>

The ValueSetter docs can tell you more about delim, and the ArrayValueSetter docs have an example much like this one but where comma is the delim.

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎08-29-2013 10:02 AM

Yep, you have to use "\n" as the delim.

Check out the following example. $src_ip_search_expression$ comes out as

( src_ip="10.0.0.0/8" OR src_ip="192.168.0.1" )


<module name="TextField"autoRun="True">
  <param name="name">src_ip</param>
  <param name="label">enter multiple IP or CIDR expressions separated by commas</param>
  <param name="rows">5</param>
  <param name="default">10.0.0.0/8
192.168.0.1</param>
  <module name="Button">

    <module name="ValueSetter">
      <param name="name">src_ip_array</param>
      <param name="delim">\n</param>
      <param name="value">$src_ip$</param>

      <module name="ArrayValueSetter">
        <param name="name">src_ip_search_expression</param>
        <param name="array">$src_ip_array$</param>
        <param name="template">src_ip="$value$"</param>
        <param name="separator">+OR+</param>
        <param name="outerTemplate">( $value$ )</param>

        <module name="HTML">
          <param name="html"><![CDATA[

src_ip (The TextField output) = <b>$src_ip$</b><br>
src_ip_array (The ValueSetter's output, which will actually be a JS array) = <b>$src_ip_array$</b><br>
src_ip_search_expression (The ArrayValueSetter's output) = <b>$src_ip_search_expression$</b>


          ]]></param>
        </module>
      </module>
    </module>
  </module>
</module>

The ValueSetter docs can tell you more about delim, and the ArrayValueSetter docs have an example much like this one but where comma is the delim.

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...