I am new to Splunk. I have a form with 2 input boxes which I would like to validate before performing the search. I want to make sure that the user provides correct input for performing the search. I tried searching the forum and documentation but I couldn't find any info.
Is there a way to do it?
Thanks in advance,
You can try something like this within the search query -
| gentimes start=-1 | eval IP_ADDRESS="10.10.10.10" | eval SEARCH=if(match(IP_ADDRESS,"^\d+\.\d+\.\d+\.\d+$"),[search index=<your_index> earliest=-1m | stats count as count1 by index| return $count1 ] ,"invalid input") | table SEARCH
Here if value of user entered IP_ADDRESS doesn't match the pattern, it will show "invalid input" in the results, else it shows the count from the subsearch.
I wish I could also perform input validation in forms. For instance, I would like users to be able to type in an IP address in a text field but would like to make sure it's a valid IP address and is not a splunk search, for instance.