Reporting

How to validate multiple parameters in an alert action?

boz_8058
Explorer

Here is my restmap.conf

[validation:savedsearch]

# Check for empty feed
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.feed' == "action.myApp.param.feed" OR 'action.myApp.param.feed' == "", "Feed cannot be empty.",  1==1, null())

# Check for empty instance
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.instance' == "action.myApp.param.instance" OR 'action.myApp.param.instance' == "", "Instance cannot be empty.",  1==1, null())

# Check for SSL
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.ssl' == "1" AND 'action.myApp.param.cert' == "action.myApp.param.cert", "Cert path cannot be empty when SSL checked.", 'action.myApp.param.ssl' == "1" AND 'action.myApp.param.cert' == "", "Cert path cannot be empty when SSL checked.",  1==1, null())

# Check for feed regex
action.myApp.param.feed = validate( match('action.myApp.param.feed', "^[A-Z0-9_-]{3,}$"), "Feed is invalid, see regex for detail.")

# Check for instance regex
action.myApp.param.instance = validate( match('action.myApp.param.instance', "^https?:\/\/([a-zA-Z]+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):\d+([\/\w]*)?$"), "Instance is invalid, see regex for detail.")

Everything works as expected if I comment out the check for SSL line, however as soon as I uncomment that line, I can save the alert even if all of the fields have no values.

How can I get this to work?

action.myApp.param.ssl is a checkbox
action.myApp.param.cert is a string input

Labels (1)
0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Can you please try below

[validation:savedsearch]
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.feed' == "action.myApp.param.feed" OR 'action.myApp.param.feed' == "", "Feed cannot be empty.", 'action.myApp.param.instance' == "action.myApp.param.instance" OR 'action.myApp.param.instance' == "", "Instance cannot be empty.", 'action.myApp.param.ssl' == "1" AND ('action.myApp.param.cert' == "action.myApp.param.cert" OR 'action.myApp.param.cert' == ""), "Cert path cannot be empty when SSL checked.", 1==1, null())

# Check for feed regex
action.myApp.param.feed = validate( match('action.myApp.param.feed', "^[A-Z0-9_-]{3,}$"), "Feed is invalid, see regex for detail.")

# Check for instance regex
action.myApp.param.instance = validate( match('action.myApp.param.instance', "^https?:\/\/([a-zA-Z]+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):\d+([\/\w]*)?$"), "Instance is invalid, see regex for detail.")

View solution in original post

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Can you please try below

[validation:savedsearch]
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.feed' == "action.myApp.param.feed" OR 'action.myApp.param.feed' == "", "Feed cannot be empty.", 'action.myApp.param.instance' == "action.myApp.param.instance" OR 'action.myApp.param.instance' == "", "Instance cannot be empty.", 'action.myApp.param.ssl' == "1" AND ('action.myApp.param.cert' == "action.myApp.param.cert" OR 'action.myApp.param.cert' == ""), "Cert path cannot be empty when SSL checked.", 1==1, null())

# Check for feed regex
action.myApp.param.feed = validate( match('action.myApp.param.feed', "^[A-Z0-9_-]{3,}$"), "Feed is invalid, see regex for detail.")

# Check for instance regex
action.myApp.param.instance = validate( match('action.myApp.param.instance', "^https?:\/\/([a-zA-Z]+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):\d+([\/\w]*)?$"), "Instance is invalid, see regex for detail.")
0 Karma

boz_8058
Explorer

Works, thank you

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Glad to know that it worked.

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Can you please provide your html code for checkbox ?

0 Karma

boz_8058
Explorer

Here are both checkbox and cert path

         <div class="control-group">
            <label class="control-label" for="ssl">Send using SSL?</label>
            <div class="controls">
                <label class="checkbox" for="ssl">
                  <input id="ssl" type="checkbox" name="action.myApp.param.ssl" value="1" />
                </label>
            </div>
        </div>
        <div class="control-group">
            <label class="control-label" for="cert">Certificate Path</label>
            <div class="controls">
                <input type="text" class="input-xlarge" name="action.myApp.param.cert" id="cert"  placeholder="Full path to certificate" />
            </div>
        </div>
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...