
Create a dashboard and use a text field to search multiple strings

haddad

Hello all,

I have created a dashboard for Nessus reports. The results are huge, so our users need to exclude some results.

For example, they need to exclude ssh and telnet vulnerability reports, so they need a text field to type them into, which is then used in the background as field1!=ssh AND field2!=telnet.

My question is how to deploy this with only one input field, just typing a string like "ssh telnet".

Is it possible? Or is there any other solution?


renjith_nair

@haddad,

Try this

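<form>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="searchFilter">
      <label>Filter</label>
    </input>
  </fieldset>
  <!-- Helper search: turns the space-separated input into a comma-separated list. -->
  <!-- The |s token filter quotes and escapes the typed value, so a double quote in the input cannot close the string early. -->
  <search>
    <query>| stats count | eval s=split($searchFilter|s$," ") | fields s | eval x=mvjoin(s,",") | fields x</query>
    <done>
      <!-- Publish the joined list as a token for the panels below. -->
      <set token="finalFilter">$result.x$</set>
    </done>
  </search>
  <row>
    <panel>
      <html>
        <h1>your final search |search NOT field IN ($finalFilter$)</h1>
      </html>
    </panel>
  </row>
</form>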
Happy Splunking!
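
A hardened variant of the dashboard in the answer above, as an added example that is not part of the original reply: it keeps only terms matching an allow-list of characters, so nothing the user types can change the structure of the final search, and it falls back to a sentinel value so the IN list is never empty. The index and sourcetype names, the allow-list pattern and the sentinel `__no_exclusion__` are assumptions; `field` is the placeholder field name from the answer.

```xml
<form>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="searchFilter">
      <label>Exclude (space-separated, e.g. ssh telnet)</label>
    </input>
  </fieldset>
  <!-- Helper search: builds the exclusion list from the typed text.
       1. |s quotes and escapes the raw input before it reaches split().
       2. mvfilter(match(...)) drops empty terms and any term containing
          characters outside the allow-list (quotes, parentheses, pipes, ...).
       3. If no term survives, a sentinel that matches no real value is used,
          so the final search never contains an empty IN ().
       A literal dollar sign in Simple XML is written as two dollar signs,
       which is why the regex anchor appears doubled. -->
  <search>
    <query>
      | makeresults
      | eval s=split($searchFilter|s$, " ")
      | eval s=mvfilter(match(s, "^[A-Za-z0-9_.-]+$$"))
      | eval x=if(isnull(s), "__no_exclusion__", mvjoin(s, ","))
      | fields x
    </query>
    <done>
      <set token="finalFilter">$result.x$</set>
    </done>
  </search>
  <row>
    <panel>
      <title>Nessus results (excluding: $finalFilter$)</title>
      <table>
        <search>
          <!-- your_index and your_nessus_sourcetype are placeholders. -->
          <query>index=your_index sourcetype=your_nessus_sourcetype NOT field IN ($finalFilter$)</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

Note that `NOT field IN (...)` also keeps events where `field` is missing, whereas `field!=value` drops them.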