Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

XML search form - Allow wildcard only for specific dropdown input

splunker12er
Motivator
‎05-07-2019 03:08 AM

Below search form - prevent the user from entering "wildcard " inputs in the text field.
- if user entera any wildcard or blank value in text field - it will show error message.

Now, in this form I wanted to allow the user to do wildcard searches when the dropdown input value is only "audit"

<form>
    <label>Text Box validation</label>
    <fieldset submitButton="false">
        <input type="dropdown" token="dropdown_input">
            <label>Type</label>
            <showClearButton>false</showClearButton>
            <choice value="type1">audit</choice>
            <choice value="type2">splunkd</choice>
        </input>
        <input type="text" token="selText">
            <label>Enter Log Level (like INFO, WARN, ERROR, FATAL </label>
            <change>
                <eval token="tokLogLevel">case(len($value$)&gt;0 AND NOT like($value$,"%*%"),$value$)</eval>
            </change>
        </input>
    </fieldset>
    <row>
        <panel>
            <html rejects="$tokLogLevel$">
                <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
               Log Level does not accept asterix (*)!!!
                </div>
            </html>
            <table depends="$tokLogLevel$">
                <title>Log Level Volume</title>
                <search>
                    <query>index="_internal" sourcetype=$dropdown_input$ log_level="$tokLogLevel$"
               | stats count by log_level
               | appendpipe [| makeresults
               | eval log_level="$tokLogLevel$",count=0
               | fields - _time]
               | dedup log_level</query>
                    <earliest>-24h@h</earliest>
                    <latest>now</latest>
                    <sampleRatio>1</sampleRatio>
                </search>
                <option name="count">20</option>
                <option name="dataOverlayMode">none</option>
                <option name="drilldown">cell</option>
                <option name="percentagesRow">false</option>
                <option name="rowNumbers">false</option>
                <option name="totalsRow">false</option>
                <option name="wrap">true</option>
            </table>
        </panel>
    </row>
</form>
Tags (2)
0 Karma
Reply

vnravikumar
Champion
‎05-07-2019 07:34 AM

Hi

Give a try

<form>
  <label>Text Box validation</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="dropdown_input">
      <label>Type</label>
      <showClearButton>false</showClearButton>
      <choice value="type1">audit</choice>
      <choice value="type2">splunkd</choice>
      <change>
        <unset token="form.selText"></unset>
        <unset token="tokLogLevel"></unset>
      </change>
    </input>
    <input type="text" token="selText">
      <label>Enter Log Level (like INFO, WARN, ERROR, FATAL</label>
      <change>
        <condition match="$dropdown_input$ == &quot;type2&quot; AND len($value$)>0 AND NOT like($value$,&quot;%*%&quot;)">
          <set token="tokLogLevel">$value$</set>
        </condition>
        <condition match="$dropdown_input$ == &quot;type1&quot; AND len($value$)>0">
          <set token="tokLogLevel">$value$</set>
        </condition>
       </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <html rejects="$tokLogLevel$">
                 <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
                Log Level does not accept asterix (*)!!!
                 </div>
             </html>
      <table depends="$tokLogLevel$">
        <title>Log Level Volume</title>
        <search>
          <query>index="_internal" sourcetype=$dropdown_input$ log_level="$tokLogLevel$"
                | stats count by log_level
                | appendpipe [| makeresults
                | eval log_level="$tokLogLevel$",count=0
                | fields - _time]
                | dedup log_level</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>
0 Karma
Reply

DavidHourani
Super Champion
‎05-07-2019 04:30 AM

Hi @splunker12er,

Nice work !

The rest is easy, just duplicate the panel that includes your table and add a depends on the type1/type2 to each of those panels. One will allow wildcards and the others won't. Ez pz.

Another solution would be using double tokens : <panel depends="$token1$,$token2$"> which is also simple.

Cheers,
David

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...