How to edit my Simple XML to contain an absolute u...

vectra_tme · ‎12-16-2016

I have done some searching and have not been successful in getting this to work. Most of the examples assume you will be providing the base url and appending the value. In this case, I have a column that contains an absolute URL (https://...) and have added the following to my simple XML, but when I click on it, it prepends the Splunk URL

      <condition field="Host Details">
        <link target="_blank">
          <![CDATA[$click.value2$]]>
        </link>
      </condition>

I have also tried using [https://$click.value2$] but then it prepends https:// so I get https://https://...

I am sure it is something small that I am missing. Any help is greatly appreciated.

frobinson_splun · ‎12-16-2016

Hi @vectra_tme,
We have a "no encoding" token filter that you might try with the token you are using to represent the absolute URL.

For example:

<link>
$my_token|n$
</link>

See:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/tokens#Token_filters

Hope this helps! Let me know if not.

somesoni2 · ‎12-16-2016

I don't think there is a native method to so (redirect to absolute URL available in field value). There are some workarounds (see the first and last answer) here. Other option is to remove https:// in the field value, so that wen the link module appends its https://, its a valid URL.

How to edit my Simple XML to contain an absolute url in drilldowns?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?