I have a simple xml form, and one input is used to allow the user to filter search results.
The field used to filter is full of windows file paths that use backslashes.
I don't want my users to escape their backslashes in their text input.
eval t_dfs_path = replace("$t_dfs_path$", "\\\\", "\\\\") | eval t_dfs_path = "*".t_dfs_path."*" | search dfs_path = t_dfs_path
@dfoster_splunk this worked great! Thank you!
I had tried everything else I could think of to escape so users could input searches into a dashboard input that outputs to a lookuptable. This fixed it. I wonder if the issue norskedm was having was if you try to add it to the search, but not through the XML, it didn't seem to work.
Use the |s filter for tokens to escape them for use in search strings:
<searchString>filepath=$filepath|s$</searchString>
Hmm. Works for me. I generated data by running the search 'index=_internal | head 2 | eval file="foo.txt" | eval path="C:\Windows\" | outputcsv output.csv'. Then I created a dashboard with a form input bound to $path$ and a table powered by the search '| inputcsv output.csv | search path=$path|s$'. If I type 'C:\Windows\' in the text field and press enter. I get the result I was expecting. Tested on Splunk 6.1.3.
Blast. This site is deleting backslashes in my response. See the unadulterated form here: https://gist.github.com/davidfstr/79477ece71c8056d745d
That doesn't seem well documented, but form what I can tell it escapes quotes. Is it supposed to escape the backslash character? In any case it's not working, no results are returned.