Archive

create a dashbord and use text field to search multi string

Explorer

hello all

i have created a dashboard for nessus report. the results are huge thus our users need to exclude some results

for example they need to exclude ssh and telnet vulnerability reports so they need a text field to type it and then in the background use as filed1!=ssh AND field2!=telnet.

my question is how to deploy this ? with only one input field and just type the string like " ssh telnet "

it it possible ? or any other solution ?

Tags (1)
0 Karma

SplunkTrust
SplunkTrust

@haddad,

Try this

<form>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="searchFilter">
      <label>Filter</label>
    </input>
  </fieldset>
  <search>
      <query>|stats count|eval s=split("$searchFilter$"," ")|fields s| eval x=mvjoin(s,",")|fields x</query>
      <done>
        <set token="finalFilter">$result.x$</set>
      </done>
  </search>  
  <row>
    <html>
      <h1>your final search |search NOT field IN ($finalFilter$)</h1>
    </html>
  </row>
</form>