All Apps and Add-ons
Highlighted

How to use CDATA in a search where the value contains an equals sign

Path Finder

I have a variable with an equals sign in it and I want to search on it. The equals sign seems to mess up the search. If I paste it in a CDATA string it doesn't seem to read the string either. If I manually put quotes around the actual value and use Search it works fine.

<module name="Search">
  <param name="search">$row.fields.pp_msgid$</param>
</modlue>

row.fields.pp_msgid=CAELFq+=4VHzpb97vrxLCwY2bqe5MM-P7BHMuCgz9CQ3zcQz_Pg@subdomain.domain.com

I tried the following but was unsuccessful.

<module name="Search">
  <param name="search"><![CDATA[$row.fields.pp_msgid$]]></param>
</module>

Can anyone suggest a way to search on the entire string? Or if I'm missing something with my CDATA line, can you help me out? Thanks.

0 Karma
Highlighted

Re: How to use CDATA in a search where the value contains an equals sign

SplunkTrust
SplunkTrust

I'm pretty sure you just want

<module name="Search">
  <param name="search">"$row.fields.pp_msgid$"</param>
</module>

You don't need to mess around with CDATA - that's actually for xml-unsafe characters in the param string, not for characters in the evaluated $foo$ token.

View solution in original post

Highlighted

Re: How to use CDATA in a search where the value contains an equals sign

Path Finder

Thanks!!!! That worked.

0 Karma