- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Radiobutton issue: have to reselect it every time ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We'd like to provide a basic dashboard to our analysts to help them to search the information in an asset lookup based on its name, IP or Mac addresses. By default we'd like to use a wildcard with the text input (in case of multiple values in the field), but we'd like to leave an option to suppress the wildcard as well. For this purpose we use a radiobutton. Here is our dashboard:
<form>
<label>Asset Info</label>
<fieldset submitButton="true" autoRun="false">
<input type="text" token="input">
<label>Name, IP or Mac</label>
<default></default>
</input>
<input type="radio" token="field1" searchWhenChanged="true">
<label>Exact Value</label>
<choice value="Yes">Yes</choice>
<choice value="No">No</choice>
<change>
<condition value="No">
<set token="myseaerch">| inputlookup assets_info.csv
| search name=*$input$* OR ip=*$input$* OR mac=*$input$*
| table name, ip, mac, zone, classification, status, os, serial_number</set>
</condition>
<condition value="Yes">
<set token="myseaerch">| inputlookup assets_info.csv
| search name=$input$ OR ip=$input$ OR mac=$input$
| table name, ip, mac, zone, classification, status, os, serial_number</set>
</condition>
</change>
<initialValue>No</initialValue>
<default>No</default>
</input>
</fieldset>
<row>
<panel>
<table>
<title>Asset Info</title>
<search>
<query>$myseaerch$</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
Unfortunately, for some reason we need to reselect a radiobutton every time we want to resubmit the search. I mean, we can't just leave it in "No" position and resubmit a search with a new text input, but have to switch to "Yes" and then back to "No" in order to make it work.
Do you have any idea what the issue is cased by and how it could be fixed?
Thanks for the help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats because you are using 'sets' based on 'conditions', when on load neither is set.
Another way to achieve the same results without conditions:
<form>
<label>Asset Info</label>
<fieldset submitButton="true" autoRun="false">
<input type="text" token="input">
<label>Name, IP or Mac</label>
<default></default>
</input>
<input type="radio" token="wildcard" searchWhenChanged="true">
<label>Exact Value</label>
<choice value="*">Yes</choice>
<choice value="">No</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
</fieldset>
<row>
<panel>
<table>
<title>Asset Info</title>
<search>
<query>| inputlookup assets_info.csv
| search name=$wildcard$$input$$wildcard$ OR mac=$wildcard$$input$$wildcard$
| table name, ip, mac, zone, classification, status, os, serial_number</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want to keep your condition approach, you can set the radio button to a value on load:
<init>
<set token="field1">Yes</set>
</init>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats because you are using 'sets' based on 'conditions', when on load neither is set.
Another way to achieve the same results without conditions:
<form>
<label>Asset Info</label>
<fieldset submitButton="true" autoRun="false">
<input type="text" token="input">
<label>Name, IP or Mac</label>
<default></default>
</input>
<input type="radio" token="wildcard" searchWhenChanged="true">
<label>Exact Value</label>
<choice value="*">Yes</choice>
<choice value="">No</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
</fieldset>
<row>
<panel>
<table>
<title>Asset Info</title>
<search>
<query>| inputlookup assets_info.csv
| search name=$wildcard$$input$$wildcard$ OR mac=$wildcard$$input$$wildcard$
| table name, ip, mac, zone, classification, status, os, serial_number</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @nickhillscpl ,
Thanks for the help! It's definitely a better way to execute the search.
I have just another small issue: if I leave <default>*</default> line, it becomes impossible to select radiobutton values (between "Yes" and "No"). At the same time with <default></default> it works totally fine.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, thats a bit odd. I can't really explain that.
Leave it out - it wont make any difference if you use it as a dashboard.
If ever you use the dashboard as a drilldown target, you will just have to remember to define its value as a parameter
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
