Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Exclude results using checkbox
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tomapatan
Contributor
02-02-2023
03:15 AM
I have the following search which returns a table of all hostnames and operating systems.
| inputlookup hosts.csv
| search OS="*server*"
| table hostname, OS
I would like to add a checkbox to exclude Windows Server 2008 builds. This is what I have so far:
<row>
<panel>
<input type="checkbox" token="checkbox" searchWhenChanged="true">
<label></label>
<choice value="Windows Server 2008*">Exclude Server 2008</choice>
<change>
<condition match="$checkbox$=="Enabled"">
<set token="setToken">1</set>
</condition>
<condition>
<unset token="setToken"></unset>
</condition>
</change>
</input>
</panel>
</row>
New panel to show server builds depending on the checkbox:
<query>
| inputlookup hosts.csv
| search OS="*server*" AND OS!="$checkbox$"
| stats count as total
<query>
This only works when the checkbox is selected and correctly excludes the 2008 builds from the search, but doesn`t display anything when the checkbox is unselected. I would like to display all devices when the checkbox is unselected.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PaulPanther
Motivator
02-02-2023
04:43 AM
<row>
<panel>
<input type="checkbox" token="checkbox" searchWhenChanged="true">
<label></label>
<choice value="Windows Server 2008*">Exclude Server 2008</choice>
<delimiter> </delimiter>
<change>
<condition label="Exclude Server 2008">
<set token="tokenFilter">AND OS!="Windows Server 2008*"</set>
</condition>
<condition>
<set token="tokenFilter"></set>
</condition>
</change>
</input>
</panel>
</row>and adjust your search like
| inputlookup hosts.csv
| search OS="*server*" $tokenFilter$
| stats count as total- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tomapatan
Contributor
02-02-2023
05:08 AM
Thanks Paul, unfortunately it now does the opposite as before: displays correctly when the checkbox is selected and no content when it`s checked.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PaulPanther
Motivator
02-02-2023
05:21 AM
Just use below test dashboard for verification. There might be something wrong in your search or in the input config. Feel free to share your code.
<form version="1.1">
<label>Test_checkbox</label>
<fieldset submitButton="false"></fieldset>
<row>
<panel>
<input type="checkbox" token="checkbox" searchWhenChanged="true">
<label></label>
<choice value="Windows Server 2008*">Exclude Server 2008</choice>
<delimiter> </delimiter>
<change>
<condition label="Exclude Server 2008">
<set token="tokenFilter">AND OS!="Windows Server 2008*"</set>
</condition>
<condition>
<set token="tokenFilter"></set>
</condition>
</change>
</input>
</panel>
</row>
<row>
<panel>
<event>
<search>
<query>index=_internal OS="*server*" $tokenFilter$
| stats count as total</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="list.drilldown">none</option>
<option name="refresh.display">progressbar</option>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PaulPanther
Motivator
02-02-2023
04:43 AM
<row>
<panel>
<input type="checkbox" token="checkbox" searchWhenChanged="true">
<label></label>
<choice value="Windows Server 2008*">Exclude Server 2008</choice>
<delimiter> </delimiter>
<change>
<condition label="Exclude Server 2008">
<set token="tokenFilter">AND OS!="Windows Server 2008*"</set>
</condition>
<condition>
<set token="tokenFilter"></set>
</condition>
</change>
</input>
</panel>
</row>and adjust your search like
| inputlookup hosts.csv
| search OS="*server*" $tokenFilter$
| stats count as total- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tomapatan
Contributor
02-02-2023
05:35 AM
Thanks Paul,
I made the mistake of encapsulating $tokenFilter$ in double quotes. Works fine without the quotes.
Get Updates on the Splunk Community!
The Payment Operations Wake-Up Call: Why Financial Institutions Can't Afford ...
The same scenario plays out across financial institutions daily. A payment system fails at 11:30 AM on a busy ...
Make Your Case: A Ready-to-Send Letter for Getting Approval to Attend .conf25
Hello Splunkers,
Want to attend .conf25 in Boston this year but not sure how to convince your manager? We've ...
Community Spotlight: A Splunk Expert's Journey
In the world of data analytics, some journeys leave a lasting impact not only on the individual but on the ...
