Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to put SearchBar & HiddenSearch module to work together ?

leo_wang
Path Finder
‎09-16-2010 10:25 AM

Hello,

I want to design an Form Seach which has a SearchBar on it to let user input their search keyords. And in this Form Search, I still want to has my own HiddenSearch to work together to do some extra jobs ( lookup or eval some fields) and filter the search results.

I had tried it but it seems that "SearchBar" & "HiddenSearch" can't work together, Is my idea possible ?

Regards,

Leo

Tags (1)
Reply

thall79
Communicator
‎09-16-2010 02:25 PM

Have you tried looking at Splunk.Module.TextSetting? For example I have a 2 TextSetting modules setup so that I can input a number for span of minutes and a number to filter out login attemps. I normally set it so I can see in a time span of 10 minutes to see failed login attemps and only show me users who have done it 3 or more times.

Here is the section for the TextSetting that I use to feed my hidden searches. 

  <module name="TextSetting" layoutPanel="panel_row1_col1_grp1">
   <param name="elementName">total_input</param>
   <param name="settingName">total_setting</param>
   <param name="label">Filter by Total:</param>

   <module name="ConvertToIntention">
    <param name="settingToConvert">total_setting</param>
    <param name="intention">
    <param name="name">stringreplace</param>
    <param name="arg">
      <param name="total">
        <param name="value">$target$</param>
       </param>
      </param>
     </param>

Then in my hidden search I use:

| search Total>$total$

at the end of my search string to control that filter. So maybe you could have that TextSetting box feed the search part of the string of multiple HiddenSearch modules to give you different outputs with SimpleResultsTable, SimpleEventsViewer or a FlashChart.

Only problem I could see is the size of the box used to enter you search string. It's not that big on my dashboard (about 20 characters wide).

travis.

0 Karma
Reply

leo_wang
Path Finder
‎09-23-2010 03:22 PM

Thanks for your response, I had tried this, but the TextSetting module handle just one input value, what I want is the function like SearchBar fields, user can put multiple keywords in it (as many as they want....) and filters the search results.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...