Solved: Re: Running different search for a particular ip

CorpusCallosum · ‎07-30-2013

Hi All

I would like run different search for a particular IP address. For example, a dashboard including a text box. you write your ip and see the results belongs to different searches regarding the ip. How are the main steps to do that?

Listing activity for a particular ip

Any help is appreciated.
Thanks

jtrucks · ‎07-30-2013

Use XML to have an input field that sets a variable, and then each search on the page contains that variable where it needs to be.

For example:

<fieldset>
    <input type="text" token="ipaddress">
        <label>IP</label>
    </input>
</fieldset>

Then your search might be:

<searchString>
|search $ipaddress | chart ....
</searchString>

etc...

--
Jesse Trucks
Minister of Magic

View solution in original post

jtrucks · ‎07-30-2013

Use XML to have an input field that sets a variable, and then each search on the page contains that variable where it needs to be.

For example:

<fieldset>
    <input type="text" token="ipaddress">
        <label>IP</label>
    </input>
</fieldset>

Then your search might be:

<searchString>
|search $ipaddress | chart ....
</searchString>

etc...

--
Jesse Trucks
Minister of Magic

alacercogitatus · ‎07-30-2013

You are going to want to review this page: http://docs.splunk.com/Documentation/Splunk/5.0.3/Viz/Exampleform. Each Situation is different, but essentially, you want to make a simple form with some tables that execute the search based off of the inputted IP address.

Running different search for a particular ip

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?