All Apps and Add-ons

Using $foo$ to link views together in HTML module

ahall_splunk
Splunk Employee
Splunk Employee

I am trying to combine a Pulldown with a HTML module to link to another module. Here is the code:

    <module name="TextField" layoutPanel="panel_row1_col1_grp1" autoRun="True">
        <param name="name">database</param>
        <param name="width">400px</param>
        <param name="label">Database Name: </param>

        <module name="HTML" layoutPanel="panel_row1_col1_grp1" autoRun="True">
            <param name="html"><![CDATA[<p>Information about this database is also available in the <a href="other_dashboard?database=$database$">Other Dashboard</a> page.</p>]]></param>
        </module>

Unfortunately, the $database$ is not represented properly when rendering, causing the wrong selection in the other dashboard. Specifical a single back-slash is replaced by a double back-slash, so WIN-SERVER\database becomes WIN-SERVER\\database.

How can I fix this?

1 Solution

sideview
SplunkTrust
SplunkTrust

When you're using a key in a Search or PostProcess module, you will want to use $database$, and backslashes in the value will automatically get escaped as you see.

However, when you're specifying a key for the Redirector module, putting a key directly in an anchor tag like this within an HTML module, or in any way specifying something that ends up in a URL, you always want to use the "rawValue" version instead -- in this case $database.rawValue$.

This is covered in the Sideview Utils documentation, and in a little more detail than I'm giving here. Within the app menu, go to

"key techniques > linking views together"

There are several pages in there and note that on the second page the notes talk about the importance of $foo$ vs $foo.rawValue$ and how this relates to backslash-escaping.

Also, to anyone else reading, if you've only read the reference documentation in /en-US/modules, make sure to go back and read through the actual documentation in the app itself because there is a lot of important information there, so much that important details are fairly easy to miss the first time through.

Hope this helps.

View solution in original post

0 Karma

sideview
SplunkTrust
SplunkTrust

When you're using a key in a Search or PostProcess module, you will want to use $database$, and backslashes in the value will automatically get escaped as you see.

However, when you're specifying a key for the Redirector module, putting a key directly in an anchor tag like this within an HTML module, or in any way specifying something that ends up in a URL, you always want to use the "rawValue" version instead -- in this case $database.rawValue$.

This is covered in the Sideview Utils documentation, and in a little more detail than I'm giving here. Within the app menu, go to

"key techniques > linking views together"

There are several pages in there and note that on the second page the notes talk about the importance of $foo$ vs $foo.rawValue$ and how this relates to backslash-escaping.

Also, to anyone else reading, if you've only read the reference documentation in /en-US/modules, make sure to go back and read through the actual documentation in the app itself because there is a lot of important information there, so much that important details are fairly easy to miss the first time through.

Hope this helps.

0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...