Dashboards & Visualizations

How do I espace the string in the parameter passed as stringreplace value in Adv XML?

Motivator

Hi,

I am having difficulty in escaping string passed by $click.value2$ in advanced XML using drilldown.

I am trying to drilldown in a same view using drilldown and ContertToIntention (stringreplare).
Using following XML. The clicked value contains space and the likes ":", which need to be escaped.
* The value is mainly windows filename and filepath.

... some code ...
    <module name="SimpleResultsTable">
  <param name="drilldown">all</param>
  <param name="entityName">results</param>          
  <module name="SimpleResultsHeader">
    <param name="entityName">results</param>
    <param name="headerFormat">Clicked "$click.value2$"</param>
  </module> 
  <module name="HiddenSearch">
    <param name="search">sourcetype=mytype $file$</param>
    <module name="ConvertToIntention">
      <param name="intention">
        <param name="name">stringreplace</param>
        <param name="arg">
          <param name="file">
            <param name="value">file="$click.value2$"</param>
          </param>
        </param>
      </param>
      ... code continues ...

I tried to use CDATA around search string and stringreplaced string, but still no luck.
Is there any way that can do automatic escaping to $click.values2$"?

Any example would be appreciated.

Thanks,

1 Solution

SplunkTrust
SplunkTrust

The only way I know is to use Sideview Utils in the view. Sideview Utils patches the SimpleResultsTable class and fixes or improves several things, one of which is that if you're in a situation where you have to use the stringreplace intention, backslashes and other characters don't get backslash-escaped by stringreplace, so you get parse errors when you search for things.

Anyway if you're going to use Sideview Utils to address this one issue, then for the 4 legacy $click.foo$ keys like $click.name2$, Sideview Utils patches the module such that $click.name2$ and friends are backslash-escaped, and for headers and redirects, there is also a $click.rawName2$, that is not backslash-escaped. You can also of course use the Sideview Table module, which doesn't have the shortcoming in the first place.

Also, a nice side effect here, is that if you use the Sideview Search module instead of HiddenSearch, you don't need intentions at all. 😃 The docs can tell you more about all this and the docs are in the app itself.

one more note: if you happen to be talking about url-escaping, that's a slightly different topic but the app has good solutions there that I can tell you more about.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

The only way I know is to use Sideview Utils in the view. Sideview Utils patches the SimpleResultsTable class and fixes or improves several things, one of which is that if you're in a situation where you have to use the stringreplace intention, backslashes and other characters don't get backslash-escaped by stringreplace, so you get parse errors when you search for things.

Anyway if you're going to use Sideview Utils to address this one issue, then for the 4 legacy $click.foo$ keys like $click.name2$, Sideview Utils patches the module such that $click.name2$ and friends are backslash-escaped, and for headers and redirects, there is also a $click.rawName2$, that is not backslash-escaped. You can also of course use the Sideview Table module, which doesn't have the shortcoming in the first place.

Also, a nice side effect here, is that if you use the Sideview Search module instead of HiddenSearch, you don't need intentions at all. 😃 The docs can tell you more about all this and the docs are in the app itself.

one more note: if you happen to be talking about url-escaping, that's a slightly different topic but the app has good solutions there that I can tell you more about.

View solution in original post

0 Karma