Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to implement an if/else condition in forms?

sfmandmdev
Path Finder
‎10-22-2010 06:04 PM

I have a form with a field called "Input" where a splunk user can type in a value-likeA,B,C etc. I want my form to run the search based on what the user inputs.

so, the logic should be:

if(input="X")
    then splunk search="index=!* index=*X...."
else
    splunk search="index=*..."

How can I enforce that condition in my forms? Thanks

Tags (1)
Reply

southeringtonp
Motivator
‎10-24-2010 04:11 AM

Maybe not quite what you're looking for, but have you considered changing from a free-form input to a dropdown menu?

You likely would have to use the Advanced XML syntax, but with that approach, you can have different fields for the label displayed to the user and the actual value passed to the search. So in the dropdown, the label would be X, but the "value" would be index=!* index=*X....

Once you have that, you can use stringreplace to insert that into your search string.

0 Karma
Reply

southeringtonp
Motivator
‎10-25-2010 07:21 PM

Fair enough. Just remember that you can use a search string to populate the list, so only the exception cases would necessarily require manual intervention.

0 Karma
Reply

sfmandmdev
Path Finder
‎10-25-2010 05:24 PM

I don't want to create a dropdown- because its a long and ever-changing list.Thanks though!

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎10-24-2010 02:36 AM

You can probably do this by creating a macro for your search string (or a portion of your search string) and substituting in the form value to the macro argument.

0 Karma
Reply

sfmandmdev
Path Finder
‎10-25-2010 05:32 PM

Okay, say my macro is foo($arg$) where arg is either:(index!=X index=$input$) OR (index=$input$) depending on what the user enters(input is that value)

How , then, in my form do i specify this if/else condition?
if(input=X)
foo(index=$input$*)
if(input!=X)
foo(index!=*X index=$input$)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...