Solved: How to avoid "search is waiting for input...", eve...

shrirangphadke · ‎07-14-2015

Hi,

Sorry if my question is repeated or too naive.

I have a text input field accepting "Module name".
It works perfectly when value is given to that field.
But if that field is kept blank, I get message on graph saying "Search is waiting for input..."

I would like to achieve following:
1. If user enters value, it should be used for the search
2. If user does not include any value, I don't want to include that in search and the search should go ahead and run without that value.

MuS · ‎07-14-2015

Hi shrirangphadke,

take this run everywhere dashboard as example:

<form>
  <label>run search based on button</label>
  <fieldset submitButton="false">
    <input type="text" token="field1">
      <default>*</default>
      <prefix>sourcetype="</prefix>
      <suffix>"</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Search being run: index=_internal $$field1$$</title>
      <event>
        <search>
          <query>index=_internal $field1$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="list.drilldown">full</option>
        <option name="list.wrap">1</option>
        <option name="maxLines">5</option>
        <option name="raw.drilldown">full</option>
        <option name="rowNumbers">0</option>
        <option name="table.drilldown">all</option>
        <option name="table.wrap">1</option>
        <option name="type">list</option>
        <fields>["host","source","sourcetype"]</fields>
      </event>
    </panel>
  </row>
</form>

The trick is to use a default option which is here a * so it will search be default for sourcetype="*" or what ever is entered by the user.

Hope this helps ...

cheers, MuS

View solution in original post

carbdb · ‎04-17-2023

give that field to search for a default value which is not appearing in the list (you will need to use the dashboard sourcecode editor).

<input type="checkbox" token="field10">
<label>Aufteilung</label>
<choice value="inst">System.Touchpoint</choice>
<choice value="datasource">Lauf</choice>
<choice value="robotId">Client</choice>
<delimiter>.".".</delimiter>
<default>x</default>
</input>

in the search query use an if to set your own default:

...

| eval x=inst | eval gruppe=$field10$
| timechart $field3$(awz) by gruppe</query>

bcatwork · ‎08-17-2017

I encountered this issue today. Far too late to help you, but perhaps someone else will stumble upon this topic..

The answer is to explicitly state an empty default in the source code. You do not seem to be able to apply and empty default from the edit UI.

My use case was with an empty text input. Without an empty default, the reliant searches will hold on 'waiting for input'..

    <input type="text" token="string" searchWhenChanged="false">
      <label>Exclude String:</label>
      <default></default>

Adding the empty default did the trick. Whenever I make changes to this input via the UI, the default is overwritten however. FYI.

jboselly · ‎12-31-2019

Great trick!

Just wanted to note that it appears if you use "Token Value Prefix" and/or "Token Value Suffix" this will not work, it makes is so the input value can never be NULL.

So if you had a query like:
index=syslog $input$

With:
Token Value Prefix = A
Token Value Suffix = B

You'd end up with:
index=syslog AB

"Token Prefix", "Token Suffix" and "Delimiter" work fine.

MuS · ‎07-14-2015

Hi shrirangphadke,

take this run everywhere dashboard as example:

<form>
  <label>run search based on button</label>
  <fieldset submitButton="false">
    <input type="text" token="field1">
      <default>*</default>
      <prefix>sourcetype="</prefix>
      <suffix>"</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Search being run: index=_internal $$field1$$</title>
      <event>
        <search>
          <query>index=_internal $field1$</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="list.drilldown">full</option>
        <option name="list.wrap">1</option>
        <option name="maxLines">5</option>
        <option name="raw.drilldown">full</option>
        <option name="rowNumbers">0</option>
        <option name="table.drilldown">all</option>
        <option name="table.wrap">1</option>
        <option name="type">list</option>
        <fields>["host","source","sourcetype"]</fields>
      </event>
    </panel>
  </row>
</form>

The trick is to use a default option which is here a * so it will search be default for sourcetype="*" or what ever is entered by the user.

Hope this helps ...

cheers, MuS

gerrytan · ‎03-09-2021

The problem with this approach is by specifying fieldname="*" the field with fieldname has to exist, it will exclude log entry that does not contain fieldname.

itishree · ‎08-10-2020

i have tried but still facing same issue

itishree · ‎08-10-2020

still facing same issue

shrirangphadke · ‎07-14-2015

Hi @Mus,

Thank you for answer!
Yes right. I have already implemented it using default value as * (asterix)
But that includes * (asterix) in the text input field which I was trying to avoid. Thus I wanted to go ahead with the search if user does not enter any value by excluding that field input.
Anyways thanks for the answer

How to avoid "search is waiting for input...", even if a user does not include a value in a text input field?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes