Dashboards & Visualizations
Highlighted

Direct HTML drilldown breaks %-character encoding on click?

Motivator

I would like to drilldown. If I use the drilldown editor and set to auto, this works, but this is unacceptable because we need the link to open in a new tab. So I tried setting the drilldown editor to custom, which I've done a thousand times before including with other drilldowns on the dashboard I am having problems with. However for one specific drilldown, the custom drilldown made it so only a blank search would open in the new tab. In response I followed https://answers.splunk.com/answers/621427/custom-drilldown-search-not-working.html and coded the non-tokenized precise HTML link directly into my SimpleXML.

However the encoding of the % character breaks on click. Literally if I copy and paste the drilldown HTML code from SimpleXML into my browser, it works, but not if I click to drilldown. Splunk Answer #621427 deals with the drilldown editor breaking %-character encoding, but this is a HTML drilldown breaking %-character encoding.

Any assistance?

SimpleXML: <base search> | where NOT duo_status="Active" | stats count(eval(isnull(mobile))) as nonairwatch_duo_inactive custom drilldown works

SimpleXML: <base search> | eval last_vpn_access=strptime(last_vpn_access,"%Y-%m-%d %H:%M:%S") custom drilldown breaks
SimpleXML drilldown HTML link: ... %20%7C%20eval%20last_vpn_access=strptime(last_vpn_access,%22%25Y-%25m-%25d%20%25H:%25M:%25S%22) correct syntax
Browser URL when clicked: https:// ... %20|%20eval%20last_vpn_access=strptime(last_vpn_access,"%Y-%m-%d%20%H:%M:%S") incorrect syntax

Labels (1)
0 Karma
Highlighted

Re: Direct HTML drilldown breaks %-character encoding on click?

SplunkTrust
SplunkTrust

@nick405060

Can you please share your sample code?

0 Karma
Highlighted

Re: Direct HTML drilldown breaks %-character encoding on click?

Motivator

This is a possible solution. I have not tried it yet

Gregg Woodcock:church: 6:13 PM
Did you try the filters like |u and |n and |s?

Nick 4:09 PM
no, mind explaining further @Gregg Woodcock?

Gareth Anderson 5:24 PM
Token filters
Token filters ensure that you correctly capture the value of a token.
FilterDescriptionWrap value in quotes
$tokenname|s$Ensures that quotation marks surround the value referenced by the token. Escapes all quotation characters, ", within the quoted value.HTML format
$token
name|h$Ensures that the token value is valid for HTML formatting.
Token values for the element use this filter by default.
URL format
$tokenname|u$Ensures that the token value is valid to use as a URL.
Token values for the element use this filter by default.
Specify no character escaping
$token
name|n$Prevents the default token filter from running. No characters in the token are escaped.
5:24
https://docs.splunk.com/Documentation/Splunk/8.0.3/Viz/tokens

0 Karma
Highlighted

Re: Direct HTML drilldown breaks %-character encoding on click?

Motivator

In addition, Splunk fails to encode ? in 7.2.0 HTML IN the SimpleXML HTML drilldown link. It leaves it as ? and does not properly encode the %3F. There are many other HTML encoding issues in 7.2.0 HTML e.g. it will randomly insert "%0A" and break the drilldown

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.