Reporting

How to validate multiple parameters in an alert action?

boz_8058
Explorer

Here is my restmap.conf

[validation:savedsearch]

# Check for empty feed
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.feed' == "action.myApp.param.feed" OR 'action.myApp.param.feed' == "", "Feed cannot be empty.",  1==1, null())

# Check for empty instance
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.instance' == "action.myApp.param.instance" OR 'action.myApp.param.instance' == "", "Instance cannot be empty.",  1==1, null())

# Check for SSL
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.ssl' == "1" AND 'action.myApp.param.cert' == "action.myApp.param.cert", "Cert path cannot be empty when SSL checked.", 'action.myApp.param.ssl' == "1" AND 'action.myApp.param.cert' == "", "Cert path cannot be empty when SSL checked.",  1==1, null())

# Check for feed regex
action.myApp.param.feed = validate( match('action.myApp.param.feed', "^[A-Z0-9_-]{3,}$"), "Feed is invalid, see regex for detail.")

# Check for instance regex
action.myApp.param.instance = validate( match('action.myApp.param.instance', "^https?:\/\/([a-zA-Z]+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):\d+([\/\w]*)?$"), "Instance is invalid, see regex for detail.")

Everything works as expected if I comment out the check for SSL line, however as soon as I uncomment that line, I can save the alert even if all of the fields have no values.

How can I get this to work?

action.myApp.param.ssl is a checkbox
action.myApp.param.cert is a string input

Labels (1)
0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Can you please try below

[validation:savedsearch]
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.feed' == "action.myApp.param.feed" OR 'action.myApp.param.feed' == "", "Feed cannot be empty.", 'action.myApp.param.instance' == "action.myApp.param.instance" OR 'action.myApp.param.instance' == "", "Instance cannot be empty.", 'action.myApp.param.ssl' == "1" AND ('action.myApp.param.cert' == "action.myApp.param.cert" OR 'action.myApp.param.cert' == ""), "Cert path cannot be empty when SSL checked.", 1==1, null())

# Check for feed regex
action.myApp.param.feed = validate( match('action.myApp.param.feed', "^[A-Z0-9_-]{3,}$"), "Feed is invalid, see regex for detail.")

# Check for instance regex
action.myApp.param.instance = validate( match('action.myApp.param.instance', "^https?:\/\/([a-zA-Z]+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):\d+([\/\w]*)?$"), "Instance is invalid, see regex for detail.")

View solution in original post

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Can you please try below

[validation:savedsearch]
action.myApp= case('action.myApp' != "1", null(), 'action.myApp.param.feed' == "action.myApp.param.feed" OR 'action.myApp.param.feed' == "", "Feed cannot be empty.", 'action.myApp.param.instance' == "action.myApp.param.instance" OR 'action.myApp.param.instance' == "", "Instance cannot be empty.", 'action.myApp.param.ssl' == "1" AND ('action.myApp.param.cert' == "action.myApp.param.cert" OR 'action.myApp.param.cert' == ""), "Cert path cannot be empty when SSL checked.", 1==1, null())

# Check for feed regex
action.myApp.param.feed = validate( match('action.myApp.param.feed', "^[A-Z0-9_-]{3,}$"), "Feed is invalid, see regex for detail.")

# Check for instance regex
action.myApp.param.instance = validate( match('action.myApp.param.instance', "^https?:\/\/([a-zA-Z]+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):\d+([\/\w]*)?$"), "Instance is invalid, see regex for detail.")
0 Karma

boz_8058
Explorer

Works, thank you

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Glad to know that it worked.

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Can you please provide your html code for checkbox ?

0 Karma

boz_8058
Explorer

Here are both checkbox and cert path

         <div class="control-group">
            <label class="control-label" for="ssl">Send using SSL?</label>
            <div class="controls">
                <label class="checkbox" for="ssl">
                  <input id="ssl" type="checkbox" name="action.myApp.param.ssl" value="1" />
                </label>
            </div>
        </div>
        <div class="control-group">
            <label class="control-label" for="cert">Certificate Path</label>
            <div class="controls">
                <input type="text" class="input-xlarge" name="action.myApp.param.cert" id="cert"  placeholder="Full path to certificate" />
            </div>
        </div>
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...