Splunk Search
Highlighted

Prevent Wildcard In User Input

Path Finder

Hi everyone,

I've developed a dashboard with text input for my user. However, I do not want my users to use wildcard in the input, is there any way to disable/prevent user from using wildcard (*)?

Thanks!!

0 Karma
Highlighted

Re: Prevent Wildcard In User Input

Communicator

Hi,

Could you provide a drop down which is populated with all of the possible search items? Or are you looking for validation of input fields before they are submitted?

View solution in original post

0 Karma
Highlighted

Re: Prevent Wildcard In User Input

Path Finder

Hi BlueSocket,

Thanks for the quick response. I'm actually looking for a relatively straightforward way (if any) to prevent user from using wildcard in Text Input. But I think you just enlightened me to use drop down instead for that purpose. (I guess input validation with js would work for Text Input too). Thanks!!

0 Karma
Highlighted

Re: Prevent Wildcard In User Input

Communicator

It's easier to do the drop down, seriously

0 Karma
Highlighted

Re: Prevent Wildcard In User Input

New Member

Preventing wildcards in dashboard text form fields is relatively easy. Example preventing * asterisks from being entered. The result is a bold red error message and the search is not executed.

<input type="text" token="user_name">
  <label>Username</label>
      <change><!--event trigger on submit to check for * in the user_name field-->
      <condition match="not like($value$,&quot;*&quot;)">
        <!--if input contains *, eval sets a token which stops the search and displays the html reject-->
       <set token="logLevelTok">$value$</set>
    </condition>
    <condition><!--no * is in user_name field-->
       <unset token="logLevelTok"></unset>
    </condition>
   </change>
</input>
  <html rejects="$logLevelTok$">
     <div>
       <p style="color:red;font-weight:bold;font-size:150%;text-align:left;">
       Asterisks &quot;*&quot; are not permitted.
       </p>
     </div>
  </html>

,If you need an input text form field, you can prevent wildcards by tokens and conditions. Example:

<input type="text" token="user_name">
  <label>Username</label>
      <change><!--event triggered by submit, checks user_name field for astericks-->
      <condition match="not like($value$,&quot;*&quot;)">
        <!--if input contains *, eval sets a token which stops the search and displays the html reject-->
       <set token="logLevelTok">$value$</set>
    </condition>
    <condition><!--no * is in user_name field-->
       <unset token="logLevelTok"></unset>
    </condition>
   </change>
</input>
  <html rejects="$logLevelTok$">
     <div>
       <p style="color:red;font-weight:bold;font-size:150%;text-align:left;">
       Asterisks &quot;*&quot; are not permitted.
       </p>
     </div>
  </html>

The output is bold letters warning the user about wild cards just below the form field.

0 Karma
Highlighted

Re: Prevent Wildcard In User Input

Legend

Option 1: Using eval with case() to set the token if asterix is not entered in the text box

<form>
  <label>Text Box validation</label>
  <fieldset submitButton="false">
    <input type="text" token="selText">
      <label>Enter Log Level (like INFO, WARN, ERROR, FATAL etc)</label>
      <change>
        <eval token="tokLogLevel">case(len($value$)&gt;0 AND NOT like($value$,"%*%"),$value$)</eval>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <html rejects="$tokLogLevel$">
        <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
          Log Level does not accept asterix (*)!!!
        </div>
      </html>
      <table depends="$tokLogLevel$">
        <title>Log Level Volume</title>
        <search>
          <query>index="_internal" sourcetype=splunkd log_level="$tokLogLevel$"
          | stats count by log_level
          | appendpipe [| makeresults
          | eval log_level="$tokLogLevel$",count=0
          | fields - _time]
          | dedup log_level</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

Following is the run anywhere dashboard based on one of my previous answers: https://answers.splunk.com/answers/513440/how-to-validate-text-field-token-without-using-jav.html (I had assumed in my answer that SimpleXML will use JavaScript regular expression and match would work asterix but it did not 😞 )

Second Option: Using Dummy Search with eval match() to set the token if asterix is not entered in the text box:

<form>
  <label>Text Box validation Option 2</label>
  <fieldset submitButton="false">
    <input type="text" token="selText" searchWhenChanged="true">
      <label>Enter Log Level (like INFO, WARN, ERROR, FATAL etc)</label>
    </input>
  </fieldset>
  <search>
    <query>|  makeresults
|  eval testData="$selText$"
|  eval tokLogLevel=case(len(testData)&gt;0 AND match(testData,"^[^\*]+$"),testData)
|  table testData tokLogLevel
    </query>
    <done>
      <condition match="isnull($result.tokLogLevel$) OR isnull($form.selText$)">
        <unset token="tokLogLevel"></unset>
      </condition>
      <condition>
        <set token="tokLogLevel">$result.tokLogLevel$</set>
      </condition>
    </done>
  </search>
  <row>
    <panel>
      <html rejects="$tokLogLevel$">
        <div style="color:red;text-align:center;font-weight:bold;font-size:150%">
          Log Level does not accept asterix (*)!!!
        </div>
      </html>
      <table depends="$tokLogLevel$">
        <title>Log Level Volume</title>
        <search>
          <query>index="_internal" sourcetype=splunkd log_level="$tokLogLevel$"
          | stats count by log_level
          | appendpipe [| makeresults
          | eval log_level="$tokLogLevel$",count=0
          | fields - _time]
          | dedup log_level</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>
0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.