Dashboards & Visualizations

query with taken safe

Communicator

Hi everyone, I'm trying to do a query using eval, and a token value:
....
var id = $(cb).attr('id');
tokens.set("mytoken", id);

But the query is not working, if instead of write "mytoken" in the eval condition, I write it at the place of the * the query works. Any suggestion?

  var SearchManager_button = require("splunkjs/mvc/searchmanager");
  new SearchManager_button({
                    id: "mysearch-button",
                    search: mvc.tokenSafe ("*| eval output=$mytoken$ | fields output |outputlookup wildcard_read.csv")
            });
Tags (3)
0 Karma

Splunk Employee
Splunk Employee

"mvc.tokenSafe :(" is not valid syntax. You have an extra colon. Please check JS console for errors.

0 Karma

Communicator

Sorry, you are right, I have correct the syntax, but I have still the same problem, I have got that I cannot use :

 | eval output=$radiogroup$

So, I cannot use the tokensafe in the second part of the query but I don't understand the reason.
Let me know, if you will have any ideas, thank you

0 Karma

Splunk Employee
Splunk Employee

So, I cannot use the tokensafe in the second part of the query

I do not understand what you mean by this. It is valid to pass an expression of the form tokensafe("SEARCH_STRING") to a setting for a SearchManager.

Depending on how much you are omitting from your example, you may need to update "submitted" token model in addition to the "default" token model. Any SearchManager emitted from Simple XML will be bound to the "submitted" token model by default. However the code example you provide doesn't have the SearchManager bound to "submitted", so this may not be your issue.

0 Karma

Communicator

I mean, if I use $radiougroup$ before of the pipe " | " My query read the value of the token, instead if I use the pipe, and next eval, my query doesn't recognize it.

I have tried to add this part :
{tokens: true, tokenNamespace: "submitted"}

Based of the submitted models, but still doesn't work

0 Karma

Splunk Employee
Splunk Employee

Check your spelling. $radiogroup$ != $radiougroup$.

If you add {tokenNamespace: "submitted"} then updating the "default" model, as you current code does, will have no effect. You probably don't want {tokenNamespace: "submitted"}.

0 Karma

Communicator

I have done a spelling mistake writing here, but in the code is correct, the name of the token is always the same per recurrence.
How can I solve this?

0 Karma

Splunk Employee
Splunk Employee

Based on the information provided I don't see anything you're doing incorrectly.

Sounds like you need some hands-on debugging assistance. If you have Support contract with Splunk I would suggest opening up a Support case.

0 Karma

Communicator

I don't think something like that, I'm sure that there will be a different syntax to use the value $mytoken$ in a position that is not the first in the query

0 Karma