Dashboards & Visualizations

How to prevent URL encoding of an external field in my Simple XML dashboard drilldown?

Explorer

Really simple (or should be simple) question.

Using a Simple XML Dashboard, I have the following:

      <table>
        <title>Something</title>
        <search>
          <query>source="http-simple" | spath "PerfectoTest.methodName" | search "PerfectoTest.methodName"=StoreFinder | eval stepStatus=spath(_raw, "PerfectoTest.methods.Starbucks v1.Steps{}.stepStatus") | eval overallTestStatus=spath(_raw,"PerfectoTest.testStatus") | eval TestReport=spath(_raw,"PerfectoTest.reportKey") | bucket _time span=1h | stats first(TestReport) as reportLink</query>
          <earliest>0</earliest>
          <latest></latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <drilldown>
          <link>https://somewhere.co/?reportRepositoryKey=$click.value$</link>
        </drilldown>
      </table>

Where the field that is clicked contains an unencoded URL.

URLValue=PUBLIC:location/sublocation_something.xml

The combined url should look like:

xxxx://somewhere.co/?reportRepositoryKey=PUBLIC:location/sublocation_something.xml

What's actually happening is the / and : in the URLValue are being encoded by Splunk prior to inserting into the link, and then the link is passing the encoded URL to the final destination resulting in a url that looks like this:

xxxx://somewhere.co/?reportRepositoryKey=PUBLIC%3location%2sublocation_something.xml

How can I stop the auto-encoding from the drilldown function?

Splunk Employee
Splunk Employee

If you are using v6.5, there is a new token filter to force no encoding:

<link>https://somewhere.co/?reportRepositoryKey=$click.value|n$</link>

Explorer

Nudge any suggestions?

0 Karma

SplunkTrust
SplunkTrust

Try something like this in your drilldown tag.

  <drilldown>
           <link> <![CDATA[  https://somewhere.co/?reportRepositoryKey=$click.value2$ ]]></link>
         </drilldown>
0 Karma

Explorer

I just tried the above and the result is the same 😞

It seems Splunk parses and encodes the ':' & '/' prior to parsing the CDATA command. Its really strange that its not importing the raw value into the string its building.

0 Karma

New Member

Is there a work around to avoid splunk to encode ':' & '/' prior to parsing the CDATA command or the value for link html tag?

0 Karma

Splunk Employee
Splunk Employee

Hi @alaztiest,
You might also want to try HTML entities to escape these characters:

See
http://docs.splunk.com/Documentation/Splunk/6.5.0/Viz/OverviewofSimplifiedXML#Special_characters_in_...

Hope this helps!

0 Karma