Validate Splunk Form Input

sscandoit · ‎08-05-2011

Hi All,

I am new to Splunk. I have a form with 2 input boxes which I would like to validate before performing the search. I want to make sure that the user provides correct input for performing the search. I tried searching the forum and documentation but I couldn't find any info.

Is there a way to do it?

Thanks in advance,
Suvelee

rahul_jasrotia · ‎01-12-2017

Is this possible to do ? I'm also trying to achieve something like this?

dineshraj9 · ‎01-13-2017

You can try something like this within the search query -

 | gentimes start=-1 | eval IP_ADDRESS="10.10.10.10" | eval SEARCH=if(match(IP_ADDRESS,"^\d+\.\d+\.\d+\.\d+$"),[search index=<your_index> earliest=-1m | stats count as count1 by index| return $count1 ] ,"invalid input") | table SEARCH

Here if value of user entered IP_ADDRESS doesn't match the pattern, it will show "invalid input" in the results, else it shows the count from the subsearch.

yoho · ‎11-05-2013

I wish I could also perform input validation in forms. For instance, I would like users to be able to type in an IP address in a text field but would like to make sure it's a valid IP address and is not a splunk search, for instance.

Validate Splunk Form Input

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Join the Conversation

Validate Splunk Form Input

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)