
HTML Dashboard - Clarification on the search

Jananee_iNautix
Path Finder

An HTML dashboard has been created that has five textboxes and one search button. When the search button is clicked, the values given in the textboxes are substituted into the search query and the search runs, displaying the results. Here, the search produces a result only when ALL FIVE TEXTBOXES are supplied with a value.

If only some of the five textboxes are filled in, the error message currently displayed in the result panel is "Search query fully not resolved".
Is it possible to run the search successfully while providing only a few of the five textboxes?

For example,
There are three textboxes named Filename, Server, Service and one Search button. The search used to display the results is:

    "main search query" | search Filename=$Filename$ Server=$server$ Service=$service$

When all the three values are supplied, the given values get replaced in the search query and the results are displayed with no issues.

But if only two of the three (or) one of the three textboxes are supplied with a value and the others are left blank, the search query does not work. Is there any way to make the search query work with minimal fields supplied with values?


aholzer
Motivator

You need to define a default value for the search to have when nothing is set.

Here's the code to do it within Simple XML:

    <input type="text" token="Filename">
      <label>Enter a Filename:</label>
      <default>*</default>
    </input>

This is how you do it inside an HTML dashboard:

    <div class="fieldset">
        <div class="input input-text" id="field1">
            <label>Enter an integer N:</label>
        </div>
        <div class="input form-submit" id="search_btn">
            <button class="btn btn-primary submit">Search</button>
        </div>
    </div>

And you set the default value with JavaScript:

    var field1 = new TextInput({
        "id": "field1",
        "default": "1",
        "value": "$form.limit$",
        "el": $('#field1')
    }, {tokens: true}).render();

Hope this helps.

Note that you can find a lot of examples like the above in the example dashboards app that Splunk has available for download.
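
The default-value approach from the answer above, applied to the three fields in the question, as an added example that is not part of the original thread: it builds the `| search` clause from whichever textboxes were filled in, substitutes `*` for blanks, and quotes each value so typed input stays a field value rather than becoming extra search syntax. The helper names `quoteSplValue` and `buildSearchFilter` are hypothetical; the field names come from the question.

```javascript
// Added example (not from the original thread). Field names follow the
// question; quoteSplValue and buildSearchFilter are hypothetical helpers.

// Quote a value for use as field="value" in SPL: escape backslashes and
// double quotes so the input cannot close the quoted string early.
function quoteSplValue(value) {
    return '"' + String(value).replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Build the trailing "| search ..." clause. Blank or missing inputs fall
// back to "*", so every token in the query is always resolved.
function buildSearchFilter(inputs, fieldNames) {
    var clauses = fieldNames.map(function (name) {
        var raw = inputs[name];
        var value = (raw === undefined || raw === null) ? '' : String(raw).trim();
        if (value === '') {
            // Same default as the answer. Note that field="*" only matches
            // events in which the field exists.
            value = '*';
        }
        return name + '=' + quoteSplValue(value);
    });
    return '| search ' + clauses.join(' ');
}

// Constructed sample input: only the Server textbox was filled in.
var FIELDS = ['Filename', 'Server', 'Service'];
var sample = { Filename: '', Server: 'web01', Service: '   ' };
console.log(buildSearchFilter(sample, FIELDS));
```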
