Solved: How to get text input in a dashboard to return any...

snix · ‎02-26-2017

I have a dashboard with a text input that is assigned to a field in a saved search with a default * entered into it

Text input example:

<input type="text" token="DashboardInput_UserName" searchWhenChanged="true">
<label>User Name</label>
<default>*</default>
<initialValue>*</initialValue>
</input>

Search Example:

<query>index=iis ExternalUserName="$DashboarInput_UserName$"
</query>

The issue is I want it to by default show me every event but when you use a wildcard * as a default you get everything but null values and I will need the null values as well. Is this possible?

snix · ‎02-27-2017

Okay looks like I got a workaround that gets the result I am looking for. Instead of trying to find fields with actual values and null values, just fill in the null values with something like a - by using this command:

fillnull value=-

After I did that I was able to find all events by just using *

View solution in original post

snix · ‎02-27-2017

Okay looks like I got a workaround that gets the result I am looking for. Instead of trying to find fields with actual values and null values, just fill in the null values with something like a - by using this command:

fillnull value=-

After I did that I was able to find all events by just using *

How to get text input in a dashboard to return any result including null by default when assigned to a field in a saved search?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7