Hi, I have a performance metrics dashboard created in simple-xml, all tables/charts must be accessible when selecting 'open in search'.
I have found that all search strings containing a rex command toss a 403 access forbidden error when I try to 'open in search'. All other visuals work as expected when opening in search. When deconstructing the URL and removing the rex commands, I am able to refresh and successfully route to the search app.
Here is an example of a field extraction I perform using the rex command.
rex field=_raw "DOMAIN: (?<DOMAIN>.*)"
Are there known issues involved with the rex command and simple-xml? This seems like a character issue (specifically <>)? In code, I use & lt; & gt ; (without spacing) to represent, these are converted to <> in the URI. I need them to stay as html character entities in the URI to successfully 'open in search', not be converted to <>.
Any thoughts or suggestions???
I found this issue has been resolved when upgrading to Splunk 6.2.
I never found a fix item that matched this issue description, but I imagine it was a known Splunk issue as it has been resolved.
I found this issue has been resolved when upgrading to Splunk 6.2.
I never found a fix item that matched this issue description, but I imagine it was a known Splunk issue as it has been resolved.
Many thanks. But we have the upgraded version 6.2.3. But still no luck 😞
Any ideas regarding this. is it known Splunk issue?