addterm before the original search terms

mauhumor · ‎11-03-2010

I am trying to 'reduce' a search scope using addterm :

<module name="HiddenSavedSearch" >
  <param name="savedSearch">Available machines</param>
  <module name="ExtendedFieldSearch">
      <param name="intention">
         <param name="name">addterm</param> 
         <param name="arg"> 
          <param name="clustergroup">
                <param name="default"></param>
            </param> 
         </param> 
         <param name="flags">
         <list>indexed</list>
         </param>
    </param>
</module>
</module>

The new 'term' is added to the end of the search 'Avaliable machines', is there a way to added a term to the begining of it, like a search filter ?

Ps: I am avoiding 'replace' and a placeholoder on the saved search because its also used without it.

sideview · ‎11-04-2010

Actually the

gkanapathy · ‎11-03-2010

No. You will need to use the stringreplace intention to do this. You may be able to replace the placeholder with an empty string, depending on what input type you are using.

mauhumor · ‎11-04-2010

That empty string trick did it. Thanks!

addterm before the original search terms

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!