Re: Direct HTML drilldown breaks %-character encod...

nick405060 · ‎04-13-2020

I would like to drilldown. If I use the drilldown editor and set to auto, this works, but this is unacceptable because we need the link to open in a new tab. So I tried setting the drilldown editor to custom, which I've done a thousand times before including with other drilldowns on the dashboard I am having problems with. However for one specific drilldown, the custom drilldown made it so only a blank search would open in the new tab. In response I followed https://answers.splunk.com/answers/621427/custom-drilldown-search-not-working.html and coded the non-tokenized precise HTML link directly into my SimpleXML.

However the encoding of the % character breaks on click. Literally if I copy and paste the drilldown HTML code from SimpleXML into my browser, it works, but not if I click to drilldown. Splunk Answer #621427 deals with the drilldown editor breaking %-character encoding, but this is a HTML drilldown breaking %-character encoding.

Any assistance?

SimpleXML: <base search> | where NOT duo_status="Active" | stats count(eval(isnull(mobile))) as nonairwatch_duo_inactive custom drilldown works

SimpleXML: <base search> | eval last_vpn_access=strptime(last_vpn_access,"%Y-%m-%d %H:%M:%S") custom drilldown breaks
SimpleXML drilldown HTML link: ... %20%7C%20eval%20last_vpn_access=strptime(last_vpn_access,%22%25Y-%25m-%25d%20%25H:%25M:%25S%22) correct syntax
Browser URL when clicked: https:// ... %20|%20eval%20last_vpn_access=strptime(last_vpn_access,"%Y-%m-%d%20%H:%M:%S") incorrect syntax

nick405060 · ‎05-20-2020

In addition, Splunk fails to encode ? in 7.2.0 HTML IN the SimpleXML HTML drilldown link. It leaves it as ? and does not properly encode the %3F. There are many other HTML encoding issues in 7.2.0 HTML e.g. it will randomly insert "%0A" and break the drilldown

nick405060 · ‎04-20-2020

This is a possible solution. I have not tried it yet

Gregg Woodcock:church: 6:13 PM
Did you try the filters like |u and |n and |s?

Nick 4:09 PM
no, mind explaining further @Gregg Woodcock?

Gareth Anderson 5:24 PM
Token filters
Token filters ensure that you correctly capture the value of a token.
FilterDescriptionWrap value in quotes
$token_name|s$Ensures that quotation marks surround the value referenced by the token. Escapes all quotation characters, ", within the quoted value.HTML format
$token_name|h$Ensures that the token value is valid for HTML formatting.
Token values for the element use this filter by default.
URL format
$token_name|u$Ensures that the token value is valid to use as a URL.
Token values for the element use this filter by default.
Specify no character escaping
$token_name|n$Prevents the default token filter from running. No characters in the token are escaped.
5:24
https://docs.splunk.com/Documentation/Splunk/8.0.3/Viz/tokens

kamlesh_vaghela · ‎04-13-2020

@nick405060

Can you please share your sample code?

Direct HTML drilldown breaks %-character encoding on click?

drilldown

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Join the Conversation