Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to implement an if/else condition in forms?

sfmandmdev
Path Finder
‎10-22-2010 06:04 PM

I have a form with a field called "Input" where a splunk user can type in a value-likeA,B,C etc. I want my form to run the search based on what the user inputs.

so, the logic should be:

if(input="X")
    then splunk search="index=!* index=*X...."
else
    splunk search="index=*..."

How can I enforce that condition in my forms? Thanks

Tags (1)
Reply

southeringtonp
Motivator
‎10-24-2010 04:11 AM

Maybe not quite what you're looking for, but have you considered changing from a free-form input to a dropdown menu?

You likely would have to use the Advanced XML syntax, but with that approach, you can have different fields for the label displayed to the user and the actual value passed to the search. So in the dropdown, the label would be X, but the "value" would be index=!* index=*X....

Once you have that, you can use stringreplace to insert that into your search string.

0 Karma
Reply

southeringtonp
Motivator
‎10-25-2010 07:21 PM

Fair enough. Just remember that you can use a search string to populate the list, so only the exception cases would necessarily require manual intervention.

0 Karma
Reply

sfmandmdev
Path Finder
‎10-25-2010 05:24 PM

I don't want to create a dropdown- because its a long and ever-changing list.Thanks though!

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎10-24-2010 02:36 AM

You can probably do this by creating a macro for your search string (or a portion of your search string) and substituting in the form value to the macro argument.

0 Karma
Reply

sfmandmdev
Path Finder
‎10-25-2010 05:32 PM

Okay, say my macro is foo($arg$) where arg is either:(index!=X index=$input$) OR (index=$input$) depending on what the user enters(input is that value)

How , then, in my form do i specify this if/else condition?
if(input=X)
foo(index=$input$*)
if(input!=X)
foo(index!=*X index=$input$)

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...

Application management with Targeted Application Install for Victoria Experience

Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...