hello all
i have created a dashboard for nessus report. the results are huge thus our users need to exclude some results
for example they need to exclude ssh and telnet vulnerability reports so they need a text field to type it and then in the background use as filed1!=ssh AND field2!=telnet.
my question is how to deploy this ? with only one input field and just type the string like " ssh telnet "
it it possible ? or any other solution ?
@haddad,
Try this
<form>
<fieldset submitButton="false" autoRun="false">
<input type="text" token="searchFilter">
<label>Filter</label>
</input>
</fieldset>
<search>
<query>|stats count|eval s=split("$searchFilter$"," ")|fields s| eval x=mvjoin(s,",")|fields x</query>
<done>
<set token="finalFilter">$result.x$</set>
</done>
</search>
<row>
<html>
<h1>your final search |search NOT field IN ($finalFilter$)</h1>
</html>
</row>
</form>