Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Dashboard with a partial search bar

lsbarreto96
Engager
‎07-19-2021 01:14 PM

Hello All,

I am trying  to create a dashboard with an interactive input search bar. The field that is searchable has always 16 digits but I want the users to only search with the 6 first digits, for example they will inform a number 123456, and whatever occurrence with the "123456" will show in the report.

I tried to use the sufix field, putting an "*" but it failed, I also tried to include the "*" in the search with the token but it also failed.

Is there any way to do it?

 

Thank you in a dvancne!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-19-2021 02:13 PM

Hi @lsbarreto96 

I assume you are using Splunk classic simple xml style dashboard, I have tested following and it works with suffix. Can you compare with source code if this works?

 

<form>
  <label>Test</label>
  <fieldset submitButton="false">
    <input type="text" token="token_name">
      <label>Field Name</label>
      <suffix>*</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=_internal sourcetype=$token_name$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

 

---

An upvote would be appreciated and Accept solution if this reply helps!

View solution in original post

Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎07-19-2021 02:13 PM

Hi @lsbarreto96 

I assume you are using Splunk classic simple xml style dashboard, I have tested following and it works with suffix. Can you compare with source code if this works?

 

<form>
  <label>Test</label>
  <fieldset submitButton="false">
    <input type="text" token="token_name">
      <label>Field Name</label>
      <suffix>*</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=_internal sourcetype=$token_name$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

 

---

An upvote would be appreciated and Accept solution if this reply helps!

Reply
Solved! Jump to solution

lsbarreto96
Engager
‎07-19-2021 05:33 PM

Thank you very  much! It has worked now! 

0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎07-19-2021 05:37 PM

@lsbarreto96 glad it helped. It would be great if you could accept the solution it helps others.

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...