Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to put SearchBar & HiddenSearch module to work together ?

leo_wang
Path Finder
‎09-16-2010 10:25 AM

Hello,

I want to design an Form Seach which has a SearchBar on it to let user input their search keyords. And in this Form Search, I still want to has my own HiddenSearch to work together to do some extra jobs ( lookup or eval some fields) and filter the search results.

I had tried it but it seems that "SearchBar" & "HiddenSearch" can't work together, Is my idea possible ?

Regards,

Leo

Tags (1)
Reply

thall79
Communicator
‎09-16-2010 02:25 PM

Have you tried looking at Splunk.Module.TextSetting? For example I have a 2 TextSetting modules setup so that I can input a number for span of minutes and a number to filter out login attemps. I normally set it so I can see in a time span of 10 minutes to see failed login attemps and only show me users who have done it 3 or more times.

Here is the section for the TextSetting that I use to feed my hidden searches. 

  <module name="TextSetting" layoutPanel="panel_row1_col1_grp1">
   <param name="elementName">total_input</param>
   <param name="settingName">total_setting</param>
   <param name="label">Filter by Total:</param>

   <module name="ConvertToIntention">
    <param name="settingToConvert">total_setting</param>
    <param name="intention">
    <param name="name">stringreplace</param>
    <param name="arg">
      <param name="total">
        <param name="value">$target$</param>
       </param>
      </param>
     </param>

Then in my hidden search I use:

| search Total>$total$

at the end of my search string to control that filter. So maybe you could have that TextSetting box feed the search part of the string of multiple HiddenSearch modules to give you different outputs with SimpleResultsTable, SimpleEventsViewer or a FlashChart.

Only problem I could see is the size of the box used to enter you search string. It's not that big on my dashboard (about 20 characters wide).

travis.

0 Karma
Reply

leo_wang
Path Finder
‎09-23-2010 03:22 PM

Thanks for your response, I had tried this, but the TextSetting module handle just one input value, what I want is the function like SearchBar fields, user can put multiple keywords in it (as many as they want....) and filters the search results.

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...