Hi
Is there a way to add a text box which excludes the value from the search results of dashboard? I have a dashboard with search
base search | stats count by port src_ip | search port!=$22$ , I have to create a text box which excludes that value and shows all other values, i have a issue by assisting default value to this input. any suggestions?
Option 1 would be to use text box prefix and suffix options to build text port!=<textBoxValue>
Following is easier option:
<fieldset submitButton="false">
<input type="text" token="filterPort">
<label>Filter Text</label>
<default>22</default>
<prefix>port!="</prefix>
<suffix>"</suffix>
</input>
</fieldset>
And then use $filterPort$ in your search. If I was in your place I will filter port prior to stats in my base search.
base search $filterPort$| stats count by port src_ip
Option 2 would be to set token according to the data you have selected and code the text box change event to pass on the same to your search query:
<fieldset submitButton="false">
<input type="text" token="filterPort">
<label>Filter Text</label>
<default>22</default>
<change>
<set token="filterPort"> port!=$value$ </set>
</change>
</input>
</fieldset>
Your search query remains the same:
base search $filterPort$| stats count by port src_ip
Option 1 would be to use text box prefix and suffix options to build text port!=<textBoxValue>
Following is easier option:
<fieldset submitButton="false">
<input type="text" token="filterPort">
<label>Filter Text</label>
<default>22</default>
<prefix>port!="</prefix>
<suffix>"</suffix>
</input>
</fieldset>
And then use $filterPort$ in your search. If I was in your place I will filter port prior to stats in my base search.
base search $filterPort$| stats count by port src_ip
Option 2 would be to set token according to the data you have selected and code the text box change event to pass on the same to your search query:
<fieldset submitButton="false">
<input type="text" token="filterPort">
<label>Filter Text</label>
<default>22</default>
<change>
<set token="filterPort"> port!=$value$ </set>
</change>
</input>
</fieldset>
Your search query remains the same:
base search $filterPort$| stats count by port src_ip