Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Help creating form dedup radio button

POR160893
Builder
‎02-24-2022 07:26 AM

Hi,

I am relatively new to creating forms in Splunk.

At the moment, I am creating a form which contains a radio button called "Dedup".
The function of this radio button is is to remove all duplicate events which are identical with respect to sourcetype, source IP, dest IP, and dest port. Furthermore, the radio button should be empty by default.
At the moment, the radio button is simply greyed out on the UI. I am unsure whether I need to extend the base search already defined on the form? Can you please help?

Attached is an image of the XML code and the UI output.Dedup_UI.PNGRdio_Button.PNG

Labels (1)
Labels
0 Karma
Reply

POR160893
Builder
‎02-24-2022 08:16 AM

Perfect, the check box would be a cleaner solution to this actually.

For my dropdown, is there an "neater" alternative to using "&quot"?

DropDown question.PNG

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-24-2022 07:59 AM

Is it a radio button that you want? Normally, a radio button would represent an exclusive choice from a group of options. You only have two options, to dedup or not to dedup (as the bard might have said!). Would a checkbox be more what you are looking for?

    <input type="radio" token="radioDedup" searchWhenChanged="true">
      <label>Dedup</label>
      <choice value="| dedup sourcetype source_ip dest_ip dest_port">Yes</choice>
      <choice value="">No</choice>
      <default></default>
    </input>
    <input type="checkbox" token="checkboxDedup" id="checkDedup">
      <label>Dedup</label>
      <choice value="| dedup sourcetype source_ip dest_ip dest_port">Dedup</choice>
      <default></default>
      <initialValue></initialValue>
    </input>
Reply

POR160893
Builder
‎02-24-2022 08:19 AM

Perfect, the check box would be a cleaner solution to this actually.

For my dropdown, is there an "neater" alternative to using "&quot"?



DropDown question.PNG

Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-24-2022 08:58 AM

There isn't really a "neater" solution because that's the way to encode embedded quotes in a string in XML.

0 Karma
Reply

POR160893
Builder
‎02-24-2022 09:31 AM

The reason why I ask is because the dropdown I currently have is not working ..... no results appear.DropDown Not Working.PNG

0 Karma
Reply

POR160893
Builder
‎02-24-2022 09:34 AM

Can I change the values to just append onto the base search perhaps? The 3 options simply depend on 1 sourcetype, and in the case of "BOTH" value, 2 sourcetypes.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-24-2022 10:37 AM

Yes, how are you using the token in your search?

0 Karma
Reply

POR160893
Builder
‎02-24-2022 10:52 AM

I am actually not sure myself. For the drop down, I set the token to "action" ..... but this token is not used by any of the values and I am not sure how the prefix uses the token either.I think this is the input failing my form.
However, I am not sure. I would be open for any advice or help on how to better use the token for this dropdown as I have been trying to fix this all day now.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...