Splunk Search

HTML Dashboard - Clarification on the search

Jananee_iNautix
Path Finder

An HTML Dashboard is created that has five textboxes and one search button. When the search button is clicked, the values given in the textboxes get replaced in the search query and the search runs, displaying the results. Here, the search will produce the result only when ALL THE FIVE TEXTBOXES are supplied with a value.

If information is provided for just some of the five textboxes, the error message currently displayed in the result panel is "Search query fully not resolved".
Is it possible to run the search successfully while providing only a few of the five textboxes' values?

For example,
There are three textboxes named Filename, Server, Service and one Search button. The search used to display the results is:
"main search query" | search Filename=$Filename$ Server=$server$ Service=$service$

When all the three values are supplied, the given values get replaced in the search query and the results are displayed with no issues.

But if only two of the three (or) one of the three textboxes are supplied with a value and the others are left blank, the search query does not work. Is there any way to make the search query work with minimal fields supplied with values?

0 Karma

aholzer
Motivator

You need to define a default value for the search to have when nothing is set.

Here's the code to do it in Simple XML:

    <input type="text" token="Filename">
      <label>Enter a Filename:</label>
      <default>*</default>
    </input>

This is how you do it inside an HTML dashboard:

    <div class="fieldset">
        <div class="input input-text" id="field1">
            <label>Enter an integer N:</label>
        </div>
        <div class="input form-submit" id="search_btn">
            <button class="btn btn-primary submit">Search</button>
        </div>
    </div>

And you set the default value with JavaScript:

    var field1 = new TextInput({
        "id": "field1",
        "default": "1",
        "value": "$form.limit$",
        "el": $('#field1')
    }, {tokens: true}).render();

Hope this helps.

Note that you can find a lot of examples like the above in the example dashboards app that Splunk has available for download.

0 Karma
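
The default-value approach from the answer, applied to the three fields in the question, as an added example that is not part of the original thread. The token names come from the question's query; `index=your_index` is a placeholder standing in for the asker's "main search query", and the submit-button layout is an assumption.

```xml
<form>
  <label>File lookup (added example)</label>
  <!-- Run the search only when the Search button is clicked -->
  <fieldset submitButton="true" autoRun="false">
    <!-- Each input defaults to *, so a textbox left untouched still
         resolves its token and the query can be dispatched -->
    <input type="text" token="Filename">
      <label>Filename</label>
      <default>*</default>
    </input>
    <input type="text" token="server">
      <label>Server</label>
      <default>*</default>
    </input>
    <input type="text" token="service">
      <label>Service</label>
      <default>*</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!-- index=your_index is a placeholder for the main search query -->
          <query>index=your_index | search Filename=$Filename$ Server=$server$ Service=$service$</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

With `*` as the default, an unset field matches any value, but `field=*` only matches events in which that field exists, so events missing one of the three fields are still filtered out.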