Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

XML search form - Allow wildcard only for specific dropdown input

splunker12er
Motivator
‎05-07-2019 03:08 AM

Below search form - prevent the user from entering "wildcard " inputs in the text field.
- if user entera any wildcard or blank value in text field - it will show error message.

Now, in this form I wanted to allow the user to do wildcard searches when the dropdown input value is only "audit"

<form>
    <label>Text Box validation</label>
    <fieldset submitButton="false">
        <input type="dropdown" token="dropdown_input">
            <label>Type</label>
            <showClearButton>false</showClearButton>
            <choice value="type1">audit</choice>
            <choice value="type2">splunkd</choice>
        </input>
        <input type="text" token="selText">
            <label>Enter Log Level (like INFO, WARN, ERROR, FATAL </label>
            <change>
                <eval token="tokLogLevel">case(len($value$)&gt;0 AND NOT like($value$,"%*%"),$value$)</eval>
            </change>
        </input>
    </fieldset>
    <row>
        <panel>
            <html rejects="$tokLogLevel$">
                <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
               Log Level does not accept asterix (*)!!!
                </div>
            </html>
            <table depends="$tokLogLevel$">
                <title>Log Level Volume</title>
                <search>
                    <query>index="_internal" sourcetype=$dropdown_input$ log_level="$tokLogLevel$"
               | stats count by log_level
               | appendpipe [| makeresults
               | eval log_level="$tokLogLevel$",count=0
               | fields - _time]
               | dedup log_level</query>
                    <earliest>-24h@h</earliest>
                    <latest>now</latest>
                    <sampleRatio>1</sampleRatio>
                </search>
                <option name="count">20</option>
                <option name="dataOverlayMode">none</option>
                <option name="drilldown">cell</option>
                <option name="percentagesRow">false</option>
                <option name="rowNumbers">false</option>
                <option name="totalsRow">false</option>
                <option name="wrap">true</option>
            </table>
        </panel>
    </row>
</form>
Tags (2)
0 Karma
Reply

vnravikumar
Champion
‎05-07-2019 07:34 AM

Hi

Give a try

<form>
  <label>Text Box validation</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="dropdown_input">
      <label>Type</label>
      <showClearButton>false</showClearButton>
      <choice value="type1">audit</choice>
      <choice value="type2">splunkd</choice>
      <change>
        <unset token="form.selText"></unset>
        <unset token="tokLogLevel"></unset>
      </change>
    </input>
    <input type="text" token="selText">
      <label>Enter Log Level (like INFO, WARN, ERROR, FATAL</label>
      <change>
        <condition match="$dropdown_input$ == &quot;type2&quot; AND len($value$)>0 AND NOT like($value$,&quot;%*%&quot;)">
          <set token="tokLogLevel">$value$</set>
        </condition>
        <condition match="$dropdown_input$ == &quot;type1&quot; AND len($value$)>0">
          <set token="tokLogLevel">$value$</set>
        </condition>
       </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <html rejects="$tokLogLevel$">
                 <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
                Log Level does not accept asterix (*)!!!
                 </div>
             </html>
      <table depends="$tokLogLevel$">
        <title>Log Level Volume</title>
        <search>
          <query>index="_internal" sourcetype=$dropdown_input$ log_level="$tokLogLevel$"
                | stats count by log_level
                | appendpipe [| makeresults
                | eval log_level="$tokLogLevel$",count=0
                | fields - _time]
                | dedup log_level</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>
0 Karma
Reply

DavidHourani
Super Champion
‎05-07-2019 04:30 AM

Hi @splunker12er,

Nice work !

The rest is easy, just duplicate the panel that includes your table and add a depends on the type1/type2 to each of those panels. One will allow wildcards and the others won't. Ez pz.

Another solution would be using double tokens : <panel depends="$token1$,$token2$"> which is also simple.

Cheers,
David

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...