I have XML files that have been indexed. Some of the fields in the XML contain HTML formatted text. When I display these fields using the Sideview Utils HTML module I want to render the HTML, so that headers, list items, text formatting, break tags, hyperlinks, etc. are properly displayed. Can this be done?
I have tried in the search to replace < with &1t; etc. but Splunk throws an invalid tag error. A portion of the XML looks like this.
<p>1. This is a combined synopsis/solicitation for commercial items prepared in accordance with FAR XYZ, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued.</p>
<p>2. Solicitation number is 123-456-7890 and is being issued as a Request for Quotes (RFQ).</p>
<p>3. The solicitation document and incorporated provisions and clauses are those in effect through Circular <b>ANGR-15</b>, effective 30 Sep 2013</p>
<p>4. The associated code is 415XRZ. This procurement is not asmall business set aside.</p>
<p>5. Military Command (MC), Yourtown, USA intends to award a sole source firm fixed price purchase order to Some Comapny for the following services provided by an authorized technical representative:</p>
<p>The requested period of performance for the below service is 29 - 31 February 2019. Location: Some Place</p>
<p><b>ABSTRACT</b><br />This item describes technical representative services to inspect and certify stuff</p>
creepy. but I'm glad it's working! For what it's worth I was never able to reproduce the problem locally and I've never heard about it from anyone else. HTML module is used for such things very commonly.
Ah, so is the
<DESC> Also part of the value that you're displaying in the HTML module?
By default the HTML module does not escape HTML markup in $foo$ tokens (you can have it escape markup in particular tokens via the
Here you want the paragraph tags and bold tags to render, which they will. However the browser will look at the
<DESC> tag, and since it has no idea what that is, it will ignore it entirely. So this entire value will not render in any way.
Normally in this situation where you're displaying values from indexed XML the XML markup would not be a part of the HTML string you're displaying.
Assuming I'm right, and the
<DESC> is a part of the displayed string here, I would tinker with field extraction, or worst case scenario do some
| eval foo=replace(foo,"<DESC>","") to get those out of there. Then if you want to put it back in the final output, you can just put it in as an escaped prefix and suffix in the HTML module itself.
OK. I'm not sure what I'm missing. But here, I created this testcase view:
<module name="SearchBar" layoutPanel="panel_row1_col1" autoRun="True"> <module name="HTML"> <param name="html"><![CDATA[ Description is <br> $results.Description$ ]]></param> </module> </module>
and I paste this search into the SearchBar
| stats count | eval _raw = "<MOD><DESC><![CDATA[<p><b>ABSTRACT</b><br />This item describes technical representative services to inspect and certify stuff</p>]]></DESC></MOD>" | spath output=Description path=MOD.DESC
and the bold tag renders, etc...
I think you've got something weird going on at some other level. I would check assumptions and try and simplify your testcase to troubleshoot. If you put a
<module name="Table"/> in there, what does it say the "Description" field is right there. Also check your Sideview Utils version. At any rate I can't make this not work. =/ html markup in HTML modules always gets rendered by the browser.
<DESC> is the XML tag for the Description that is displayed.It is extracted in the search like this
| spath output=Description path=MOD.DESC
The entire description displayed but the HTML does not render.
Check your email for a partial screenshot.