Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Error - search is waiting for the input
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error - search is waiting for the input
smanojkumar
Contributor
12-08-2023
02:39 AM
Hi There!
I'm facing the error "Search is waiting for the input"
<form stylesheet="dashboard.css,infobutton.css" script="multiselect_functions.js,infobutton.js" version="1.1" theme="dark">
<label>Agent Operational Dashboard</label>
<description>v4.3</description>
<init>
<set token="agent_index">1T</set>
<set token="console_stand_scope">OR `console_stand(*)`</set>
<set token="form.cacp">*</set>
<set token="form.sap">*</set>
<set token="form.origin">*</set>
</init>
<search id="init">
<done>
<condition match="isnull($scope$) OR $scope$ == "agent_console_"">
<set token="cmdb_scope">*</set>
</condition>
<condition match="$scope$ == "agent_cmdb_"">
<set token="cmdb_scope">IN</set>
</condition>
</done>
<query>
| makeresults
</query>
<earliest>$search_start$</earliest>
<latest>$search_end$</latest>
</search>
<search>
<query>
| makeresults
| eval LimitVersion_ens=`get_obsolete_version(Agent_Endpoint_Security)`
| eval LimitVersion_agent=`get_obsolete_version(Agent_Agent)`
</query>
<done>
<set token="ens_obsolete_version">$result.LimitVersion_ens$</set>
<set token="agent_obsolete_version">$result.LimitVersion_agent$</set>
</done>
</search>
<search id="compliance_agent">
<query>
`compliance_agent_op("agent_index_source IN($agent_index$) $console_stand_scope$", now(), $timerange$, agent,$machine$, $scope$, $origin$, $country$, $cacp$, $sap$)`
</query>
<earliest>$search_start$</earliest>
<latest>$search_end$</latest>
</search>
<search id="compliance_all_agent">
<query>
`compliance_agent_op("`agent_scope_filter($cmdb_scope$)`", now(), $timerange$, agent,$machine$, $scope$, $origin$, $country$, $cacp$, $sap$)`
</query>
<earliest>$search_start$</earliest>
<latest>$search_end$</latest>
</search>
<search>
<done>
<set token="search_start">$result.search_start$</set>
<set token="search_end">$result.search_end$</set>
</done>
<query>| makeresults
| fields - _time
| eval now=now()
| eval prev_day=if(strftime(now, "%a")="Mon" AND "$weekends$"="exclude", -3, -1)
| eval search_start=relative_time(now, prev_day."d@d")
| eval search_end=search_start + 86400</query>
</search>
<fieldset submitButton="false" autoRun="true">
<input type="multiselect" token="agent_index" searchWhenChanged="true">
<label>Choose Agent console</label>
<choice value="1T,2A*,2S">All</choice>
<choice value="1T">Agent Stand</choice>
<choice value="2A*">Agent Scad</choice>
<choice value="2S">Agent SCAPA</choice>
<default>1T</default>
<initialValue>1T</initialValue>
<delimiter>, </delimiter>
<change>
<set token="agent_index_label">$label$</set>
</change>
<change>
<condition match="like($agent_index$,"%1T23%")">
<set token="console_stand_scope">OR `console_stand($cmdb_scope$)`</set>
</condition>
<condition match="!like($agent_index$,"%1T23%")">
<set token="console_stand_scope"></set>
</condition>
</change>
</input>
<input type="dropdown" token="timerange" searchWhenChanged="true">
<label>Last Communication</label>
<choice value="-1d@d">Previous day</choice>
<choice value="-7d@d">Last 7 days</choice>
<choice value="-15d@d">Last 15 days</choice>
<choice value="-21d@d">Last 21 days</choice>
<choice value="-30d@d">Last 30 days</choice>
<choice value="-3mon">Last 3 months</choice>
<choice value="-6mon">Last 6 months</choice>
<choice value="-12mon">Last 1 year</choice>
<change>
<eval token="time_timechart">case($value$ == "-1d@d","1",$value$ == "-7d@d","2",$value$ == "-15d@d","3",$value$ == "-21d@d","4",$value$ == "-30d@d","5",$value$ == "-3mon","6",$value$ == "-6mon","7",$value$ == "-12mon","8")</eval>
</change>
<default>-15d@d</default>
<initialValue>-15d@d</initialValue>
</input>
<input type="radio" token="origin" searchWhenChanged="true">
<label>Location</label>
<choice value="*">All Locations</choice>
<choice value="NAT">NAT</choice>
<choice value="ROO">ROO</choice>
<default>*</default>
<initialValue>*</initialValue>
<change>
<unset token="form.country"></unset>
</change>
</input>
<input type="multiselect" token="country" searchWhenChanged="true">
<label>Country</label>
<search>
<query>| inputlookup b1a_asset_country.csv where nat_roo="$origin$"
| dedup country
| fields country </query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<delimiter> </delimiter>
<fieldForLabel>country</fieldForLabel>
<fieldForValue>country</fieldForValue>
<choice value="*">All</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="multiselect" token="machine" searchWhenChanged="true">
<label>Machine type</label>
<choice value="*">All</choice>
<choice value="VDI">VDI</choice>
<choice value="Industrial">Industrial</choice>
<choice value="Stand">Stand</choice>
<choice value="MacOS">MacOS</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="radio" token="business_assets" searchWhenChanged="true">
<label>Business assets</label>
<choice value="*">All assets</choice>
<choice value="cacp">CACP</choice>
<choice value="sap">SAP</choice>
<default>*</default>
<initialValue>*</initialValue>
<change>
<condition match="$business_assets$ == "cacp"">
<set token="cacp">true</set>
<set token="sap">*</set>
</condition>
<condition match="$business_assets$ == "sap"">
<set token="sap">true</set>
<set token="cacp">*</set>
</condition>
<condition match="$business_assets$ == "*"">
<set token="sap">*</set>
<set token="cacp">*</set>
</condition>
</change>
</input>
<input type="dropdown" token="scope" searchWhenChanged="true">
<label>Scope</label>
<choice value="agent_console_">Agent Console</choice>
<choice value="agent_cmdb_">CMDB</choice>
<default>agent_console_</default>
<initialValue>agent_console_</initialValue>
<change>
<condition match="$scope$ == "agent_console_"">
<unset token="cmdb_scope"></unset>
<set token="cmdb_scope">*</set>
</condition>
<condition match="$scope$ == "agent_cmdb_"">
<unset token="cmdb_scope"></unset>
<set token="cmdb_scope">IN</set>
</condition>
</change>
</input>
<input type="multiselect" token="office_filter" searchWhenChanged="true">
<label>Front/Back office (only Stand Global compliance)</label>
<choice value="Front Office">Front Office</choice>
<choice value="Back Office">Back Office</choice>
<initialValue>Front Office,Back Office</initialValue>
<default>Front Office,Back Office</default>
<valuePrefix>"</valuePrefix>
<valueSuffix>"</valueSuffix>
<delimiter>, </delimiter>
<change>
<eval token="office_filter_drilldown">replace($form.office_filter$ + "","([^,]+),?","&form.office_filter=$1")</eval>
</change>
</input>
<input type="radio" token="weekends" searchWhenChanged="true">
<label>Weekends</label>
<choice value="exclude">Exclude Weekends</choice>
<choice value="include">Include Weekends</choice>
<default>exclude</default>
<initialValue>exclude</initialValue>
</input>
</fieldset>
<row>
<panel>
<title>Full Perimeter Compliance (all EPO)</title>
<chart>
<title>All Consoles</title>
<search base="compliance_all_agent">
<query>| chart count by $scope$global_compliance
| sort $scope$global_compliance</query>
</search>
<option name="charting.chart">pie</option>
<option name="charting.drilldown">all</option>
<option name="charting.fieldColors">{"Compliant":0x55AA55,"Non Compliant":0xCC0000","Not Applicable":"0xFFC300 "}</option>
<option name="charting.seriesColors">[0x55AA55, 0xCC0000]</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<link target="_blank">/app/agent_operational_antivirus_details?form.compliance_filter=$click.value$&form.agent_index=*&form.timerange=$timerange$&form.antivirus_filter=*&form.machine=$machine$&form.origin=$origin$&form.country=$country$&form.business_assets=$business_assets$&form.scope=$scope$</link>
</drilldown>
</chart>
</panel>
</row>
Thanks in Advance!!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
12-08-2023
05:58 AM
That message appears when a query uses a token that has no value. Check all tokens in the dashboard to make sure they are defined before the query executes. Perhaps there is a spelling error somewhere.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!
Splunk Observability for AI
Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...
Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...
Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights!
Duration: ...
Splunk Observability as Code: From Zero to Dashboard
For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...
