Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to edit my dashboard to validate two input fields?

cmadish
New Member
‎10-12-2016 09:10 AM

I have a simple dashboard that has two input fields and a submit button and I would like to validate the fields.

If the user does not enter a value for the testName field, I would like to perform the search with a wildcard, i.e. *. If they do enter a value, I will use that input in my search.

I have tried various versions of the below code, but haven’t had any luck. I’m sure this type of form validation is simple, but since I’m relatively new to Splunk I can’t get it quite right. 

<form>
  <label>Sent to External System</label>
  <fieldset submitButton="true">
    <input type="text" token="id">
      <label>ID</label>
    </input>
    <input type="text" token="testName">
      <label>Test Name</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <search>
          <query>sourcetype=myLog* CFE_LogComponent=Sent payload NOT "sched" "*$id$*" eval testName = if(isNull(testName) OR testName="", "*", testName)</query>
          <earliest>@mon</earliest>
          <latest>now</latest>
        </search>
      </event>
    </panel>
  </row>
</form>
0 Karma
Reply

rjthibod
Champion
‎10-12-2016 11:54 AM

As far as I know, you can't do what you want without Javascript.

Splunk doesn't give you the ability to validate/manipulate the intermediate token values in XML, i.e., the token value for $testName$ is going to be undefined unless it has something in the input box.

In Javascript, there a variety of ways to go about validating inputs and/or using things like TokenForwarders where you can set a default value when the input form is empty or has invalid values, but you must use Javascript.

Reply

sundareshr
Legend
‎10-12-2016 10:22 AM

You may be able to get the desired result by setting a default for your textinput. Like this

   <fieldset submitButton="true">
     <input type="text" token="id">
       <label>ID</label>
      <default>*</default>
     </input>
     <input type="text" token="testName">
       <label>Test Name</label>
      <default>*</default>
     </input>
   </fieldset>

And change your query to

<query>sourcetype=myLog* CFE_LogComponent=Sent payload NOT "sched" "*$id$*" testName="$testName$"</query>
0 Karma
Reply

cmadish
New Member
‎10-12-2016 11:23 AM

I considered that but I really didn't want my users to see "*" in the field because I was concerned it might confuse them. I could set the default value to " ", but even that feels a little hacky to me. This type of validation is common with forms and if for nothing more than academic reasons I'd like to know what I'm missing.

0 Karma
Reply

sundareshr
Legend
‎10-12-2016 11:55 AM

In your original query, you cannot add eval in the base search. So you could try like this

sourcetype=myLog* CFE_LogComponent=Sent payload NOT "sched" "*$id$*" | eval testName = if(isNull(testName) OR testName="", "*", testName) | search testName
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...