Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Use checkboxes to build a search query using AND or OR

brettcave
Builder
‎10-05-2012 02:14 AM

Is it possible to build a form with checkboxes to build a query? Something like:

< input type="checkbox" token="someToken" fieldname="aField" multi-operator="OR">
< choice value="one">One< /choice>
< choice value="two">Two< /choice>

And then a search like ($someToken$) AND ... will result in the following query if both are checked: (aField="one" OR aField="two") AND ....

If its not possible to get a multi-option input at the input definition, then is there a way to create some sort of iterator in the searchTemplate of a form for multi-valued inputs?

Reply

sideview
SplunkTrust
SplunkTrust
‎02-12-2013 11:58 PM

As of Sideview Utils 2.4, which just released today, there is a new Checkboxes module. It's behavior really mirrors that of the Sideview Pulldown module in multiple selection mode, except that instead of presenting the user with a multiple-select pulldown, it of course presents the user with a number of checkboxes. As with Pulldown, the dashboard developer can configure some of them statically, some dynamically, etc..

And as with the Pulldown module in multiple selection mode, the final output is a search expression like ( foo="value1" OR foo="value2" OR foo="value13" ). Or with different config it could be | fields host sourcetype field17 field29 and so on and so forth.

There is a page of documentation about the module. After downloading the latest, installing it and restarting Splunk, navigate to "Module Documentation > Advanced modules > The Checkboxes module". Note that there is also a Checkbox module but that is for simpler cases where you only want a single checkbox element.

http://sideviewapps.com/apps/sideview-utils

0 Karma
Reply

brettcave
Builder
‎01-30-2013 02:04 AM

This is one approach: http://splunk-base.splunk.com/answers/57307/extendedfieldsearch-intentions-and-radio-buttons

This is not how I solved our problem, I will post below....

0 Karma
Reply

jpass
Contributor
‎01-29-2013 04:30 PM

So how did you do this? I see you found an answer but would you be so kind as to show the search you came up with and the logic behind the checkboxes?

Reply

Drainy
Champion
‎10-05-2012 02:25 AM

Whilst I've generally avoided talking about sideview utils on Splunk-base... it has a fantastic checkbox module that has a value for offValue and onValue. Within that you can specify search terms. For one customer I have included it ticked by default and then specified an offValue so that if they untick it additional search terms including many NOT's are added to the search to help filter it off.

http://splunk-base.splunk.com/apps/36405/sideview-utils

Reply

sideview
SplunkTrust
SplunkTrust
‎10-05-2012 09:29 AM

(Thanks Drainy) + Note that the much newer and improved version of Sideview Utils (2.1.2) is available since earlier this year from the Sideview site @ http://sideviewapps.com/apps/sideview-utils. Not to mention 2.2 which comes out next week. You can follow me on twitter to get updates about releases @sideview_apps

Reply

brettcave
Builder
‎10-05-2012 02:35 AM

awesome, thanks Drainy. Will check it out.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...