Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

HTML Dashboard - Clarification on the search

Jananee_iNautix
Path Finder
‎04-30-2014 06:14 AM

A HTML Dashboard is created that has five textboxes and one search button.When the search button is clicked,the values given in the textboxes get replaced in the search query and search will run displaying the results.Here,the search will produce the result only when ALL THE FIVE TEXTBOXES are supplied with the value.

If any of five textboxes information is provided, currently the error message dispalyed is "Search query fully not resolved" in the result panel.
Is it possible to run the search successfully providing few of the five textboxes info.

For example,
There are three textboxes named Filename, Server ,Service and one Search button.The search involved to display the results is as
"main search query"|search Filename=$Filename Server=$server$ Service=$service$.

When all the three values are supplied, the given values get replaced in the search query and the results are displayed with no issues.

But only if two of th three (or) one of the three textboxes are supplied with value and others being left blank,the search query is not working.Is there any way to make the search query work with minimal fields supplied with values?

Tags (1)
0 Karma
Reply

aholzer
Motivator
‎04-30-2014 06:47 AM

You need to define a default value for the search to have when nothing is set.

Here's the code to do it with in simple xml:

    <input type="text" token="Filename">
      <label>Enter a Filename:</label>
      <default>*</default>
    </input>

This is how you do it inside an HTML:

 <div class="fieldset">
    <div class="input input-text" id="field1">
        <label>Enter an integer N:</label>
    </div>
    <div class="input form-submit" id="search_btn">
        <button class="btn btn-primary submit">Search</button>
    </div>
</div>

And you set the default value with javascript:

var field1 = new TextInput({
            "id": "field1",
            "default": "1",
            "value": "$form.limit$",
            "el": $('#field1')
        }, {tokens: true}).render();

Hope this helps.

Note that you can find a lot of examples like the above from the example dashboards app that Splunk has available for downloads.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...