Prevent Wildcard In User Input

JohannLiebert92
Path Finder

Hi everyone,

I've developed a dashboard with a text input for my users. However, I do not want my users to use wildcards in the input. Is there any way to disable/prevent users from using a wildcard (*)?

Thanks!!

0 Karma
1 Solution

BlueSocket
Contributor

Hi,

Could you provide a drop down which is populated with all of the possible search items? Or are you looking for validation of input fields before they are submitted?


0 Karma

niketn
Legend

Option 1: Using eval with case() to set the token if an asterisk is not entered in the text box

<form>
  <label>Text Box validation</label>
  <fieldset submitButton="false">
    <input type="text" token="selText">
      <label>Enter Log Level (like INFO, WARN, ERROR, FATAL etc)</label>
      <change>
        <eval token="tokLogLevel">case(len($value$)&gt;0 AND NOT like($value$,"%*%"),$value$)</eval>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <html rejects="$tokLogLevel$">
        <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
          Log Level does not accept asterisk (*)!!!
        </div>
      </html>
      <table depends="$tokLogLevel$">
        <title>Log Level Volume</title>
        <search>
          <query>index="_internal" sourcetype=splunkd log_level="$tokLogLevel$"
          | stats count by log_level
          | appendpipe [| makeresults
          | eval log_level="$tokLogLevel$",count=0
          | fields - _time]
          | dedup log_level</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

Following is the run anywhere dashboard based on one of my previous answers: https://answers.splunk.com/answers/513440/how-to-validate-text-field-token-without-using-jav.html (I had assumed in my answer that SimpleXML would use JavaScript regular expressions and that match would work with an asterisk, but it did not 😞)

Second Option: Using a dummy search with eval match() to set the token if an asterisk is not entered in the text box:

<form>
  <label>Text Box validation Option 2</label>
  <fieldset submitButton="false">
    <input type="text" token="selText" searchWhenChanged="true">
      <label>Enter Log Level (like INFO, WARN, ERROR, FATAL etc)</label>
    </input>
  </fieldset>
  <search>
    <query>|  makeresults
|  eval testData="$selText$"
|  eval tokLogLevel=case(len(testData)&gt;0 AND match(testData,"^[^\*]+$"),testData)
|  table testData tokLogLevel
    </query>
    <done>
      <condition match="isnull($result.tokLogLevel$) OR isnull($form.selText$)">
        <unset token="tokLogLevel"></unset>
      </condition>
      <condition>
        <set token="tokLogLevel">$result.tokLogLevel$</set>
      </condition>
    </done>
  </search>
  <row>
    <panel>
      <html rejects="$tokLogLevel$">
        <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
          Log Level does not accept asterisk (*)!!!
        </div>
      </html>
      <table depends="$tokLogLevel$">
        <title>Log Level Volume</title>
        <search>
          <query>index="_internal" sourcetype=splunkd log_level="$tokLogLevel$"
          | stats count by log_level
          | appendpipe [| makeresults
          | eval log_level="$tokLogLevel$",count=0
          | fields - _time]
          | dedup log_level</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

christopher_mcc
New Member

Preventing wildcards in dashboard text form fields is relatively easy. Example preventing * asterisks from being entered. The result is a bold red error message and the search is not executed.

<input type="text" token="user_name">
  <label>Username</label>
      <change><!--event trigger on submit to check for * in the user_name field-->
      <condition match="not like($value$,&quot;%*%&quot;)">
        <!--input contains no *: set the token, which hides the html reject-->
       <set token="logLevelTok">$value$</set>
    </condition>
    <condition><!--input contains *: unset the token, which stops the search and displays the html reject-->
       <unset token="logLevelTok"></unset>
    </condition>
   </change>
</input>
  <html rejects="$logLevelTok$">
     <div>
       <p style="color:red;font-weight:bold;font-size:150%;text-align:left;">
       Asterisks &quot;*&quot; are not permitted.
       </p>
     </div>
  </html>

If you need an input text form field, you can prevent wildcards by tokens and conditions. Example:

<input type="text" token="user_name">
  <label>Username</label>
      <change><!--event triggered by submit, checks user_name field for asterisks-->
      <condition match="not like($value$,&quot;%*%&quot;)">
        <!--input contains no *: set the token, which hides the html reject-->
       <set token="logLevelTok">$value$</set>
    </condition>
    <condition><!--input contains *: unset the token, which stops the search and displays the html reject-->
       <unset token="logLevelTok"></unset>
    </condition>
       <unset token="logLevelTok"></unset>
    </condition>
   </change>
</input>
  <html rejects="$logLevelTok$">
     <div>
       <p style="color:red;font-weight:bold;font-size:150%;text-align:left;">
       Asterisks &quot;*&quot; are not permitted.
       </p>
     </div>
  </html>

The output is bold letters warning the user about wild cards just below the form field.

0 Karma

JohannLiebert92
Path Finder

Hi BlueSocket,

Thanks for the quick response. I'm actually looking for a relatively straightforward way (if any) to prevent users from using wildcards in Text Input. But I think you just enlightened me to use a drop down instead for that purpose. (I guess input validation with JS would work for Text Input too.) Thanks!!

0 Karma

BlueSocket
Contributor

It's easier to do the drop down, seriously

0 Karma
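
An added example (not code from any post in this thread): a JavaScript emulation of SQL-style like() matching, where % matches any run of characters and _ matches exactly one, comparing a bare "*" pattern with "%*%" and setting an asterisk-only blocklist beside an allowlist check. The function names, the allowlist policy and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example. Emulates only the % and _ wildcards of like();
// every other character in the pattern is matched literally.
function likeToRegExp(pattern) {
  let out = '';
  for (const ch of pattern) {
    if (ch === '%') out += '[\\s\\S]*';          // any run of characters
    else if (ch === '_') out += '[\\s\\S]';      // exactly one character
    else out += ch.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // literal
  }
  return new RegExp('^' + out + '$');
}

function like(value, pattern) {
  return likeToRegExp(pattern).test(value);
}

// Blocklist: accept any non-empty value that contains no asterisk.
function passesAsteriskBlocklist(value) {
  return value.length > 0 && !like(value, '%*%');
}

// Allowlist (hypothetical policy): 1-32 letters, digits, '_', '.' or '-'.
const ALLOWED = /^[A-Za-z0-9_.-]{1,32}$/;
function passesAllowlist(value) {
  return ALLOWED.test(value);
}

// Constructed sample inputs, not taken from any real dashboard.
const samples = ['ERROR', '*', 'ERR*', 'WARN"', ''];

function evaluate(values) {
  return values.map((v) => ({
    value: v,
    likeStar: like(v, '*'),             // true only for the literal "*"
    likeContainsStar: like(v, '%*%'),   // true whenever a * appears
    blocklistOk: passesAsteriskBlocklist(v),
    allowlistOk: passesAllowlist(v),
  }));
}

console.table(evaluate(samples));
```

A pattern of "*" flags only an input that is exactly one asterisk, while "%*%" flags any input containing one; the allowlist additionally rejects characters such as the double quote that an asterisk-only check lets through.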