I have a form that is doing SQL seach and Splunk Search using one veriable input text. When I want to use a wild card in the form I put in a "%" for SQL but this does not work for Splunk. For splunk I need to use a "*".

I tried using the eval with the if commend to change the wild card but this did not work

useing:
<input type="text" token="ip">
IP Address

Then puting in the wild card "%" in the form

Then | dbquery MVM "SELECT * from TABLE WHERE IP LIKE '%$ip$%'

the SQL search runes like this | dbquery MVM "SELECT * from TABLE WHERE IP LIKE '%%%'

Then index=foo | eval ip=if(ip="%","*",ip) | search IP="*$ip$*"

the splunk search runes like this index=foo | eval ip=if(ip="%","*",ip) | search IP="*%*"

How can I convert the % to a * for the splunk search?