I have a simple xml form, and one input is used to allow the user to filter search results.
The field used to filter is full of windows file paths that use backslashes.
I don't want my users to escape their backslashes in their text input.
eval t_dfs_path = replace("$t_dfs_path$", "\\\\", "\\\\") | eval t_dfs_path = "*".t_dfs_path."*" | search dfs_path = t_dfs_path
@dfoster_splunk this worked great! Thank you!
I had tried everything else I could think of to escape so users could input searches into a dashboard input that outputs to a lookuptable. This fixed it. I wonder if the issue norskedm was having was if you try to add it to the search, but not through the XML, it didn't seem to work.
Hmm. Works for me. I generated data by running the search 'index=_internal | head 2 | eval file="foo.txt" | eval path="C:\Windows\" | outputcsv output.csv'. Then I created a dashboard with a form input bound to $path$ and a table powered by the search '| inputcsv output.csv | search path=$path|s$'. If I type 'C:\Windows\' in the text field and press enter. I get the result I was expecting. Tested on Splunk 6.1.3.
That doesn't seem well documented, but form what I can tell it escapes quotes. Is it supposed to escape the backslash character? In any case it's not working, no results are returned.