Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

XML search form - Allow wildcard only for specific dropdown input

splunker12er
Motivator
‎05-07-2019 03:08 AM

Below search form - prevent the user from entering "wildcard " inputs in the text field.
- if user entera any wildcard or blank value in text field - it will show error message.

Now, in this form I wanted to allow the user to do wildcard searches when the dropdown input value is only "audit"

<form>
    <label>Text Box validation</label>
    <fieldset submitButton="false">
        <input type="dropdown" token="dropdown_input">
            <label>Type</label>
            <showClearButton>false</showClearButton>
            <choice value="type1">audit</choice>
            <choice value="type2">splunkd</choice>
        </input>
        <input type="text" token="selText">
            <label>Enter Log Level (like INFO, WARN, ERROR, FATAL </label>
            <change>
                <eval token="tokLogLevel">case(len($value$)&gt;0 AND NOT like($value$,"%*%"),$value$)</eval>
            </change>
        </input>
    </fieldset>
    <row>
        <panel>
            <html rejects="$tokLogLevel$">
                <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
               Log Level does not accept asterix (*)!!!
                </div>
            </html>
            <table depends="$tokLogLevel$">
                <title>Log Level Volume</title>
                <search>
                    <query>index="_internal" sourcetype=$dropdown_input$ log_level="$tokLogLevel$"
               | stats count by log_level
               | appendpipe [| makeresults
               | eval log_level="$tokLogLevel$",count=0
               | fields - _time]
               | dedup log_level</query>
                    <earliest>-24h@h</earliest>
                    <latest>now</latest>
                    <sampleRatio>1</sampleRatio>
                </search>
                <option name="count">20</option>
                <option name="dataOverlayMode">none</option>
                <option name="drilldown">cell</option>
                <option name="percentagesRow">false</option>
                <option name="rowNumbers">false</option>
                <option name="totalsRow">false</option>
                <option name="wrap">true</option>
            </table>
        </panel>
    </row>
</form>
Tags (2)
0 Karma
Reply

vnravikumar
Champion
‎05-07-2019 07:34 AM

Hi

Give a try

<form>
  <label>Text Box validation</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="dropdown_input">
      <label>Type</label>
      <showClearButton>false</showClearButton>
      <choice value="type1">audit</choice>
      <choice value="type2">splunkd</choice>
      <change>
        <unset token="form.selText"></unset>
        <unset token="tokLogLevel"></unset>
      </change>
    </input>
    <input type="text" token="selText">
      <label>Enter Log Level (like INFO, WARN, ERROR, FATAL</label>
      <change>
        <condition match="$dropdown_input$ == &quot;type2&quot; AND len($value$)>0 AND NOT like($value$,&quot;%*%&quot;)">
          <set token="tokLogLevel">$value$</set>
        </condition>
        <condition match="$dropdown_input$ == &quot;type1&quot; AND len($value$)>0">
          <set token="tokLogLevel">$value$</set>
        </condition>
       </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <html rejects="$tokLogLevel$">
                 <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
                Log Level does not accept asterix (*)!!!
                 </div>
             </html>
      <table depends="$tokLogLevel$">
        <title>Log Level Volume</title>
        <search>
          <query>index="_internal" sourcetype=$dropdown_input$ log_level="$tokLogLevel$"
                | stats count by log_level
                | appendpipe [| makeresults
                | eval log_level="$tokLogLevel$",count=0
                | fields - _time]
                | dedup log_level</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>
0 Karma
Reply

DavidHourani
Super Champion
‎05-07-2019 04:30 AM

Hi @splunker12er,

Nice work !

The rest is easy, just duplicate the panel that includes your table and add a depends on the type1/type2 to each of those panels. One will allow wildcards and the others won't. Ez pz.

Another solution would be using double tokens : <panel depends="$token1$,$token2$"> which is also simple.

Cheers,
David

0 Karma
Reply
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...