Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Error - search is waiting for the input
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error - search is waiting for the input
smanojkumar
Contributor
12-08-2023
02:39 AM
Hi There!
I'm facing the error "Search is waiting for the input"
<form stylesheet="dashboard.css,infobutton.css" script="multiselect_functions.js,infobutton.js" version="1.1" theme="dark">
<label>Agent Operational Dashboard</label>
<description>v4.3</description>
<init>
<set token="agent_index">1T</set>
<set token="console_stand_scope">OR `console_stand(*)`</set>
<set token="form.cacp">*</set>
<set token="form.sap">*</set>
<set token="form.origin">*</set>
</init>
<search id="init">
<done>
<condition match="isnull($scope$) OR $scope$ == "agent_console_"">
<set token="cmdb_scope">*</set>
</condition>
<condition match="$scope$ == "agent_cmdb_"">
<set token="cmdb_scope">IN</set>
</condition>
</done>
<query>
| makeresults
</query>
<earliest>$search_start$</earliest>
<latest>$search_end$</latest>
</search>
<search>
<query>
| makeresults
| eval LimitVersion_ens=`get_obsolete_version(Agent_Endpoint_Security)`
| eval LimitVersion_agent=`get_obsolete_version(Agent_Agent)`
</query>
<done>
<set token="ens_obsolete_version">$result.LimitVersion_ens$</set>
<set token="agent_obsolete_version">$result.LimitVersion_agent$</set>
</done>
</search>
<search id="compliance_agent">
<query>
`compliance_agent_op("agent_index_source IN($agent_index$) $console_stand_scope$", now(), $timerange$, agent,$machine$, $scope$, $origin$, $country$, $cacp$, $sap$)`
</query>
<earliest>$search_start$</earliest>
<latest>$search_end$</latest>
</search>
<search id="compliance_all_agent">
<query>
`compliance_agent_op("`agent_scope_filter($cmdb_scope$)`", now(), $timerange$, agent,$machine$, $scope$, $origin$, $country$, $cacp$, $sap$)`
</query>
<earliest>$search_start$</earliest>
<latest>$search_end$</latest>
</search>
<search>
<done>
<set token="search_start">$result.search_start$</set>
<set token="search_end">$result.search_end$</set>
</done>
<query>| makeresults
| fields - _time
| eval now=now()
| eval prev_day=if(strftime(now, "%a")="Mon" AND "$weekends$"="exclude", -3, -1)
| eval search_start=relative_time(now, prev_day."d@d")
| eval search_end=search_start + 86400</query>
</search>
<fieldset submitButton="false" autoRun="true">
<input type="multiselect" token="agent_index" searchWhenChanged="true">
<label>Choose Agent console</label>
<choice value="1T,2A*,2S">All</choice>
<choice value="1T">Agent Stand</choice>
<choice value="2A*">Agent Scad</choice>
<choice value="2S">Agent SCAPA</choice>
<default>1T</default>
<initialValue>1T</initialValue>
<delimiter>, </delimiter>
<change>
<set token="agent_index_label">$label$</set>
</change>
<change>
<condition match="like($agent_index$,"%1T23%")">
<set token="console_stand_scope">OR `console_stand($cmdb_scope$)`</set>
</condition>
<condition match="!like($agent_index$,"%1T23%")">
<set token="console_stand_scope"></set>
</condition>
</change>
</input>
<input type="dropdown" token="timerange" searchWhenChanged="true">
<label>Last Communication</label>
<choice value="-1d@d">Previous day</choice>
<choice value="-7d@d">Last 7 days</choice>
<choice value="-15d@d">Last 15 days</choice>
<choice value="-21d@d">Last 21 days</choice>
<choice value="-30d@d">Last 30 days</choice>
<choice value="-3mon">Last 3 months</choice>
<choice value="-6mon">Last 6 months</choice>
<choice value="-12mon">Last 1 year</choice>
<change>
<eval token="time_timechart">case($value$ == "-1d@d","1",$value$ == "-7d@d","2",$value$ == "-15d@d","3",$value$ == "-21d@d","4",$value$ == "-30d@d","5",$value$ == "-3mon","6",$value$ == "-6mon","7",$value$ == "-12mon","8")</eval>
</change>
<default>-15d@d</default>
<initialValue>-15d@d</initialValue>
</input>
<input type="radio" token="origin" searchWhenChanged="true">
<label>Location</label>
<choice value="*">All Locations</choice>
<choice value="NAT">NAT</choice>
<choice value="ROO">ROO</choice>
<default>*</default>
<initialValue>*</initialValue>
<change>
<unset token="form.country"></unset>
</change>
</input>
<input type="multiselect" token="country" searchWhenChanged="true">
<label>Country</label>
<search>
<query>| inputlookup b1a_asset_country.csv where nat_roo="$origin$"
| dedup country
| fields country </query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<delimiter> </delimiter>
<fieldForLabel>country</fieldForLabel>
<fieldForValue>country</fieldForValue>
<choice value="*">All</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="multiselect" token="machine" searchWhenChanged="true">
<label>Machine type</label>
<choice value="*">All</choice>
<choice value="VDI">VDI</choice>
<choice value="Industrial">Industrial</choice>
<choice value="Stand">Stand</choice>
<choice value="MacOS">MacOS</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="radio" token="business_assets" searchWhenChanged="true">
<label>Business assets</label>
<choice value="*">All assets</choice>
<choice value="cacp">CACP</choice>
<choice value="sap">SAP</choice>
<default>*</default>
<initialValue>*</initialValue>
<change>
<condition match="$business_assets$ == "cacp"">
<set token="cacp">true</set>
<set token="sap">*</set>
</condition>
<condition match="$business_assets$ == "sap"">
<set token="sap">true</set>
<set token="cacp">*</set>
</condition>
<condition match="$business_assets$ == "*"">
<set token="sap">*</set>
<set token="cacp">*</set>
</condition>
</change>
</input>
<input type="dropdown" token="scope" searchWhenChanged="true">
<label>Scope</label>
<choice value="agent_console_">Agent Console</choice>
<choice value="agent_cmdb_">CMDB</choice>
<default>agent_console_</default>
<initialValue>agent_console_</initialValue>
<change>
<condition match="$scope$ == "agent_console_"">
<unset token="cmdb_scope"></unset>
<set token="cmdb_scope">*</set>
</condition>
<condition match="$scope$ == "agent_cmdb_"">
<unset token="cmdb_scope"></unset>
<set token="cmdb_scope">IN</set>
</condition>
</change>
</input>
<input type="multiselect" token="office_filter" searchWhenChanged="true">
<label>Front/Back office (only Stand Global compliance)</label>
<choice value="Front Office">Front Office</choice>
<choice value="Back Office">Back Office</choice>
<initialValue>Front Office,Back Office</initialValue>
<default>Front Office,Back Office</default>
<valuePrefix>"</valuePrefix>
<valueSuffix>"</valueSuffix>
<delimiter>, </delimiter>
<change>
<eval token="office_filter_drilldown">replace($form.office_filter$ + "","([^,]+),?","&form.office_filter=$1")</eval>
</change>
</input>
<input type="radio" token="weekends" searchWhenChanged="true">
<label>Weekends</label>
<choice value="exclude">Exclude Weekends</choice>
<choice value="include">Include Weekends</choice>
<default>exclude</default>
<initialValue>exclude</initialValue>
</input>
</fieldset>
<row>
<panel>
<title>Full Perimeter Compliance (all EPO)</title>
<chart>
<title>All Consoles</title>
<search base="compliance_all_agent">
<query>| chart count by $scope$global_compliance
| sort $scope$global_compliance</query>
</search>
<option name="charting.chart">pie</option>
<option name="charting.drilldown">all</option>
<option name="charting.fieldColors">{"Compliant":0x55AA55,"Non Compliant":0xCC0000","Not Applicable":"0xFFC300 "}</option>
<option name="charting.seriesColors">[0x55AA55, 0xCC0000]</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<link target="_blank">/app/agent_operational_antivirus_details?form.compliance_filter=$click.value$&form.agent_index=*&form.timerange=$timerange$&form.antivirus_filter=*&form.machine=$machine$&form.origin=$origin$&form.country=$country$&form.business_assets=$business_assets$&form.scope=$scope$</link>
</drilldown>
</chart>
</panel>
</row>
Thanks in Advance!!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
12-08-2023
05:58 AM
That message appears when a query uses a token that has no value. Check all tokens in the dashboard to make sure they are defined before the query executes. Perhaps there is a spelling error somewhere.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!
Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...
Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...
Customer success is front and center at .conf25
Hi Splunkers,
If you are not able to be at .conf25 in person, you can still learn about all the latest news ...
.conf25 Global Broadcast: Don’t Miss a Moment
Hello Splunkers,
.conf25 is only a click away.
Not able to make it to .conf25 in person? No worries, you can ...
