How to change the output of a textbox based on use...

nabeel652 · ‎05-23-2019

I have two textboxes i) holds the keyword ii) hosts the exact flag

If user adds 0 in exact keyword flag - The the search should show the keyword added in first textbox as *keyword* otherwise it should show simply keyword. I tried Macro but it didn't work. Any ideas?

<form>
  <label>Test Dashboard</label>
  <fieldset submitButton="false">
    <input type="text" token="kwsearch">
      <label>field1</label>
    </input>
    <input type="text" token="exact">
      <label>field2</label>
      <default>0</default>
      <initialValue>0</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Results</title>
      <table>
        <search>
          <query>|makeresults | fields - _time | eval Result = `make_keyword($kwsearch$, $exact$)`</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

My Macro is:
make_keyword(2)
defined as:

if($exact$==0,"\"".$Product$."\"",$Product$)

whrg · ‎05-24-2019

Hello @nabeel652,

I just testet your dashboard. I believe the root of your troubles are missing quotation marks.

This will NOT work:

| makeresults | eval Result=test

This will also NOT work:

| makeresults | eval Result="\""+test+"\""

I got it working by putting quotation marks around $kwsearch$ without using a macro:

<query>|makeresults | fields - _time | eval Result=if($exact$==0,"\"$kwsearch$\"","$kwsearch$")</query>

How to change the output of a textbox based on user input and use it in search?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!