Hi all,
I am trying to create a custom alert action, trying to add any validation to the ui fields doesnt work.
I am trying to test to see if a field has been left empty, my restmap.conf contains:
[validation:savedsearch]
action.myaction.param.title = validate( len(trim('action.myaction.param.title')) > 0), "Title cannot be empty")
I have also tried
action.myaction.param.title = validate( isnotnull('action.myaction.param.title'), "Title cannot be empty")
and
action.myaction.param.title = validate( match('action.myaction.param.title',"^\w+"), "Title cannot be empty")
and a bunch of others that I thought would have been false for an empty ui field, and therefore trigger the error message. The alert was able to be saved regardless if the ui field had any text in it or not.
Does anyone have any ideas of how to check for an empty ui field in an a custom alert action?
thanks
Can you please try below restmap.conf ? In below example I assume that your alert_actions.conf contains stanza with heading [myaction]
[validation:savedsearch]
action.myaction = case('action.myaction' != "1", null(), 'action.myaction.param.title' == "action.myaction.param.title" OR 'action.myaction.param.title' == "", "Title cannot be empty", 1==1, null())
Can you please try below restmap.conf ? In below example I assume that your alert_actions.conf contains stanza with heading [myaction]
[validation:savedsearch]
action.myaction = case('action.myaction' != "1", null(), 'action.myaction.param.title' == "action.myaction.param.title" OR 'action.myaction.param.title' == "", "Title cannot be empty", 1==1, null())
That is working! Thanks very much.
Am I understanding this correctly, to check for a null/empty field you need to check when the alert is saved i.e. 'action.myaction' not on the field itself 'action.myaction.param.title'?
How should I validate multiple parameter values using above logic? I wrote something like below in restmap.conf but its not working and giving error even if the data is entered.
[validation:savedsearch]
action.snow_webhook = case('action.snow_webhook' != "1", null(), 'action.snow_webhook.param.url' == "action.snow_webhook.param.url" OR 'action.snow_webhook.param.url' == "", "No Webhook URL specified", 1==1, null())
action.snow_webhook = case('action.snow_webhook' != "1", null(), 'action.snow_webhook.param.assignment_group' == "action.snow_webhook.param.assignment_group" OR 'action.snow_webhook.param.assignment_group' == "", "Assignment Group cannot be empty", 1==1, null())
action.snow_webhook = case('action.snow_webhook' != "1", null(), 'action.snow_webhook.param.service_offering' == "action.snow_webhook.param.service_offering" OR 'action.snow_webhook.param.service_offering' == "", "Service Offering cannot be empty", 1==1, null())
action.snow_webhook = case('action.snow_webhook' != "1", null(), 'action.snow_webhook.param.description' == "action.snow_webhook.param.description" OR 'action.snow_webhook.param.description' == "", "Description cannot be empty", 1==1, null())
action.snow_webhook.param.url = validate(match('action.snow_webhook.param.url', "^https?://[^\s]+$"), "Webhook URL is invalid")
@santosh_sshanbhag please post new question
Ok, posted a new thread as
'How to add validation for multiple parameters in custom alert action'
Please help if you are aware of the solution.
Yes you are correct
Your configurations for validation of parameter on alert ui is correct. You are looking for empty value right!
Did you try with isnull method?
i tried using isnull as well...
the only validations i could get doing anything at all:
action.myaction.param.title = validate( 1!=1 , 'just give me an error')
which always gave an error
action.myaction.param.title = validate( 'action.myaction.param.title' == "1" , "title is not 1")
which would give an error when i made the title box 1
it felt like if i used a eval function, the validation doesnt work. with this, i also thought the paramater name might be reserved, so i tried everything again using "..mytitle" instead of "..title" with no luck.
After changing restmap.conf, have you restarted splunk ?
yes, each time restmap.conf is changed, I am restarting splunk