Dashboards & Visualizations

create a dashbord and use text field to search multi string

haddad
Explorer

hello all

i have created a dashboard for nessus report. the results are huge thus our users need to exclude some results

for example they need to exclude ssh and telnet vulnerability reports so they need a text field to type it and then in the background use as filed1!=ssh AND field2!=telnet.

my question is how to deploy this ? with only one input field and just type the string like " ssh telnet "

it it possible ? or any other solution ?

Tags (1)
0 Karma

renjith_nair
Legend

@haddad,

Try this

<form>
  <fieldset submitButton="false" autoRun="false">
    <input type="text" token="searchFilter">
      <label>Filter</label>
    </input>
  </fieldset>
  <search>
      <query>|stats count|eval s=split("$searchFilter$"," ")|fields s| eval x=mvjoin(s,",")|fields x</query>
      <done>
        <set token="finalFilter">$result.x$</set>
      </done>
  </search>  
  <row>
    <html>
      <h1>your final search |search NOT field IN ($finalFilter$)</h1>
    </html>
  </row>
</form>
---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face:
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...