Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to exclude results using checkbox?

tomapatan
Contributor
‎02-02-2023 03:15 AM

I have the following search which returns a table of all hostnames and operating systems.

| inputlookup hosts.csv
| search OS="*server*"
| table hostname, OS

I would like to add a checkbox to exclude Windows Server 2008 builds. This is what I have so far:

<row>
<panel>
<input type="checkbox" token="checkbox" searchWhenChanged="true">
<label></label>
<choice value="Windows Server 2008*">Exclude Server 2008</choice>
<change>
<condition match="$checkbox$==&quot;Enabled&quot;">
<set token="setToken">1</set>
</condition>
<condition>
<unset token="setToken"></unset>
</condition>
</change>
</input>
</panel>
</row>

 

New panel to show server builds depending on the checkbox:

<query>

| inputlookup hosts.csv
| search OS="*server*" AND OS!="$checkbox$"
| stats count as total

<query>

This only works when the checkbox is selected and correctly excludes the 2008 builds from the search, but doesn`t display anything when the checkbox is unselected. I would like to display all devices when the  checkbox is unselected.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PaulPanther
Motivator
‎02-02-2023 04:43 AM 
  <row>
    <panel>
      <input type="checkbox" token="checkbox" searchWhenChanged="true">
        <label></label>
        <choice value="Windows Server 2008*">Exclude Server 2008</choice>
        <delimiter> </delimiter>
        <change>
          <condition label="Exclude Server 2008">
            <set token="tokenFilter">AND OS!="Windows Server 2008*"</set>
          </condition>
          <condition>
            <set token="tokenFilter"></set>
          </condition>
        </change>
      </input>
    </panel>
  </row>

and adjust your search like

| inputlookup hosts.csv
| search OS="*server*"  $tokenFilter$
| stats count as total

View solution in original post

0 Karma
Reply
Solved! Jump to solution

tomapatan
Contributor
‎02-02-2023 05:08 AM

Thanks Paul, unfortunately it now does the opposite as before: displays correctly when the checkbox is selected and no content when it`s checked.

0 Karma
Reply
Solved! Jump to solution

PaulPanther
Motivator
‎02-02-2023 05:21 AM

Just use below test dashboard  for verification. There might be something wrong in your search or in the input config. Feel free to share your code.

 

<form version="1.1">
  <label>Test_checkbox</label>
  <fieldset submitButton="false"></fieldset>
  <row>
    <panel>
      <input type="checkbox" token="checkbox" searchWhenChanged="true">
        <label></label>
        <choice value="Windows Server 2008*">Exclude Server 2008</choice>
        <delimiter> </delimiter>
        <change>
          <condition label="Exclude Server 2008">
            <set token="tokenFilter">AND OS!="Windows Server 2008*"</set>
          </condition>
          <condition>
            <set token="tokenFilter"></set>
          </condition>
        </change>
      </input>
    </panel>
  </row>
  <row>
    <panel>
      <event>
        <search>
          <query>index=_internal OS="*server*" $tokenFilter$
| stats count as total</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="list.drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </event>
    </panel>
  </row>
</form>

 

0 Karma
Reply
Solved! Jump to solution
Solution

PaulPanther
Motivator
‎02-02-2023 04:43 AM 
  <row>
    <panel>
      <input type="checkbox" token="checkbox" searchWhenChanged="true">
        <label></label>
        <choice value="Windows Server 2008*">Exclude Server 2008</choice>
        <delimiter> </delimiter>
        <change>
          <condition label="Exclude Server 2008">
            <set token="tokenFilter">AND OS!="Windows Server 2008*"</set>
          </condition>
          <condition>
            <set token="tokenFilter"></set>
          </condition>
        </change>
      </input>
    </panel>
  </row>

and adjust your search like

| inputlookup hosts.csv
| search OS="*server*"  $tokenFilter$
| stats count as total
0 Karma
Reply
Solved! Jump to solution

tomapatan
Contributor
‎02-02-2023 05:35 AM

Thanks Paul,

I made the mistake of encapsulating $tokenFilter$ in double quotes. Works fine without the quotes.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...