Help creating form dedup radio button

POR160893
Builder

Hi,

I am relatively new to creating forms in Splunk.

At the moment, I am creating a form which contains a radio button called "Dedup".
The function of this radio button is to remove all duplicate events which are identical with respect to sourcetype, source IP, dest IP, and dest port. Furthermore, the radio button should be empty by default.
At the moment, the radio button is simply greyed out on the UI. I am unsure whether I need to extend the base search already defined on the form? Can you please help?

Attached is an image of the XML code and the UI output.

0 Karma

ITWhisperer
SplunkTrust

Is it a radio button that you want? Normally, a radio button would represent an exclusive choice from a group of options. You only have two options, to dedup or not to dedup (as the bard might have said!). Would a checkbox be more what you are looking for?

    <input type="radio" token="radioDedup" searchWhenChanged="true">
      <label>Dedup</label>
      <choice value="| dedup sourcetype source_ip dest_ip dest_port">Yes</choice>
      <choice value="">No</choice>
      <default></default>
    </input>
    <input type="checkbox" token="checkboxDedup" id="checkDedup">
      <label>Dedup</label>
      <choice value="| dedup sourcetype source_ip dest_ip dest_port">Dedup</choice>
      <default></default>
      <initialValue></initialValue>
    </input>
0 Karma

POR160893
Builder

Perfect, the check box would be a cleaner solution to this actually.

For my dropdown, is there a "neater" alternative to using "&quot"?


0 Karma

ITWhisperer
SplunkTrust

There isn't really a "neater" solution because that's the way to encode embedded quotes in a string in XML.

0 Karma

POR160893
Builder

The reason why I ask is because the dropdown I currently have is not working ..... no results appear.

0 Karma

POR160893
Builder

Can I change the values to just append onto the base search perhaps? The 3 options simply depend on 1 sourcetype, and in the case of "BOTH" value, 2 sourcetypes.

0 Karma

ITWhisperer
SplunkTrust

Yes, how are you using the token in your search?

0 Karma

POR160893
Builder

I am actually not sure myself. For the drop down, I set the token to "action" ..... but this token is not used by any of the values and I am not sure how the prefix uses the token either. I think this is the input failing my form.
However, I am not sure. I would be open for any advice or help on how to better use the token for this dropdown as I have been trying to fix this all day now.

0 Karma
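
How a dropdown token reaches the search, as an added example that is not from the thread or from either poster: the input stores the selected choice value, wrapped in its prefix and suffix, in the token `action`, and the panel's query has to reference `$action$` for the selection to have any effect. The index name, the sourcetype names and the choice labels are placeholders, since the original dropdown is only visible in the missing screenshot.

```xml
<form>
  <label>Sourcetype filter (added example)</label>
  <fieldset submitButton="false">
    <!-- The token name "action" is the one mentioned in the thread. -->
    <input type="dropdown" token="action" searchWhenChanged="true">
      <label>Action</label>
      <!-- Placeholder sourcetype names (assumed, not from the thread).
           Each value is only the list of sourcetypes; no embedded quotes are needed. -->
      <choice value="sourcetype_a">A only</choice>
      <choice value="sourcetype_b">B only</choice>
      <choice value="sourcetype_a, sourcetype_b">BOTH</choice>
      <!-- prefix + selected value + suffix becomes the token value, for example
           sourcetype IN (sourcetype_a, sourcetype_b) -->
      <prefix>sourcetype IN (</prefix>
      <suffix>)</suffix>
      <!-- The default must match one of the choice values. -->
      <default>sourcetype_a, sourcetype_b</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!-- placeholder_index is an assumed index name.
               $action$ is replaced with the token value before the search runs. -->
          <query>index=placeholder_index $action$ | table _time sourcetype source_ip dest_ip dest_port</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

If the query never references `$action$`, changing the dropdown cannot change the results.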