topic Re: query with taken safe in Dashboards & Visualizations

query with taken safe

Federica_92 — Mon, 16 Mar 2015 14:36:15 GMT

Hi everyone, I'm trying to do a query using eval, and a token value:
....
var id = $(cb).attr('id');
tokens.set("mytoken", id);

But the query is not working, if instead of write "mytoken" in the eval condition, I write it at the place of the * the query works. Any suggestion?

  var SearchManager_button = require("splunkjs/mvc/searchmanager");
  new SearchManager_button({
                    id: "mysearch-button",
                    search: mvc.tokenSafe ("*| eval output=$mytoken$ | fields output |outputlookup wildcard_read.csv")
            });

Re: query with taken safe

dfoster_splunk — Mon, 16 Mar 2015 17:25:16 GMT

"mvc.tokenSafe :(" is not valid syntax. You have an extra colon. Please check JS console for errors.

Re: query with taken safe

Federica_92 — Wed, 18 Mar 2015 11:02:59 GMT

Sorry, you are right, I have correct the syntax, but I have still the same problem, I have got that I cannot use :

 | eval output=$radiogroup$

So, I cannot use the tokensafe in the second part of the query but I don't understand the reason.
Let me know, if you will have any ideas, thank you

Re: query with taken safe

dfoster_splunk — Wed, 18 Mar 2015 18:59:56 GMT

So, I cannot use the tokensafe in the second part of the query

I do not understand what you mean by this. It is valid to pass an expression of the form tokensafe("SEARCH_STRING") to a setting for a SearchManager.

Depending on how much you are omitting from your example, you may need to update "submitted" token model in addition to the "default" token model. Any SearchManager emitted from Simple XML will be bound to the "submitted" token model by default. However the code example you provide doesn't have the SearchManager bound to "submitted", so this may not be your issue.

Re: query with taken safe

Federica_92 — Thu, 19 Mar 2015 11:20:04 GMT

I mean, if I use $radiougroup$ before of the pipe " | " My query read the value of the token, instead if I use the pipe, and next eval, my query doesn't recognize it.

I have tried to add this part :
{tokens: true, tokenNamespace: "submitted"}

Based of the submitted models, but still doesn't work

Re: query with taken safe

dfoster_splunk — Thu, 19 Mar 2015 17:21:15 GMT

Check your spelling. $radiogroup$ != $radiougroup$.

If you add {tokenNamespace: "submitted"} then updating the "default" model, as you current code does, will have no effect. You probably don't want {tokenNamespace: "submitted"}.

Re: query with taken safe

Federica_92 — Fri, 20 Mar 2015 09:17:09 GMT

I have done a spelling mistake writing here, but in the code is correct, the name of the token is always the same per recurrence.
How can I solve this?

Re: query with taken safe

dfoster_splunk — Fri, 20 Mar 2015 17:50:43 GMT

Based on the information provided I don't see anything you're doing incorrectly.

Sounds like you need some hands-on debugging assistance. If you have Support contract with Splunk I would suggest opening up a Support case.

Re: query with taken safe

Federica_92 — Mon, 23 Mar 2015 09:27:42 GMT

I don't think something like that, I'm sure that there will be a different syntax to use the value $mytoken$ in a position that is not the first in the query