Splunk Search

HTML Dashboard - Clarification on the search

Jananee_iNautix
Path Finder

A HTML Dashboard is created that has five textboxes and one search button.When the search button is clicked,the values given in the textboxes get replaced in the search query and search will run displaying the results.Here,the search will produce the result only when ALL THE FIVE TEXTBOXES are supplied with the value.

If any of five textboxes information is provided, currently the error message dispalyed is "Search query fully not resolved" in the result panel.
Is it possible to run the search successfully providing few of the five textboxes info.

For example,
There are three textboxes named Filename, Server ,Service and one Search button.The search involved to display the results is as
"main search query"|search Filename=$Filename Server=$server$ Service=$service$.

When all the three values are supplied, the given values get replaced in the search query and the results are displayed with no issues.

But only if two of th three (or) one of the three textboxes are supplied with value and others being left blank,the search query is not working.Is there any way to make the search query work with minimal fields supplied with values?

Tags (1)
0 Karma

aholzer
Motivator

You need to define a default value for the search to have when nothing is set.

Here's the code to do it with in simple xml:

    <input type="text" token="Filename">
      <label>Enter a Filename:</label>
      <default>*</default>
    </input>

This is how you do it inside an HTML:

 <div class="fieldset">
    <div class="input input-text" id="field1">
        <label>Enter an integer N:</label>
    </div>
    <div class="input form-submit" id="search_btn">
        <button class="btn btn-primary submit">Search</button>
    </div>
</div>

And you set the default value with javascript:

var field1 = new TextInput({
            "id": "field1",
            "default": "1",
            "value": "$form.limit$",
            "el": $('#field1')
        }, {tokens: true}).render();

Hope this helps.

Note that you can find a lot of examples like the above from the example dashboards app that Splunk has available for downloads.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...