Dashboards & Visualizations

Validate Splunk Form Input


Hi All,

I am new to Splunk. I have a form with 2 input boxes which I would like to validate before performing the search. I want to make sure that the user provides correct input for performing the search. I tried searching the forum and documentation but I couldn't find any info.

Is there a way to do it?

Thanks in advance,

Tags (1)

Path Finder

Is this possible to do ? I'm also trying to achieve something like this?

0 Karma


You can try something like this within the search query -

 | gentimes start=-1 | eval IP_ADDRESS="" | eval SEARCH=if(match(IP_ADDRESS,"^\d+\.\d+\.\d+\.\d+$"),[search index=<your_index> earliest=-1m | stats count as count1 by index| return $count1 ] ,"invalid input") | table SEARCH

Here if value of user entered IP_ADDRESS doesn't match the pattern, it will show "invalid input" in the results, else it shows the count from the subsearch.

0 Karma


I wish I could also perform input validation in forms. For instance, I would like users to be able to type in an IP address in a text field but would like to make sure it's a valid IP address and is not a splunk search, for instance.

0 Karma