Dashboards & Visualizations

query with taken safe

Federica_92
Communicator

Hi everyone, I'm trying to do a query using eval, and a token value:
....
var id = $(cb).attr('id');
tokens.set("mytoken", id);

But the query is not working, if instead of write "mytoken" in the eval condition, I write it at the place of the * the query works. Any suggestion?

  var SearchManager_button = require("splunkjs/mvc/searchmanager");
  new SearchManager_button({
                    id: "mysearch-button",
                    search: mvc.tokenSafe ("*| eval output=$mytoken$ | fields output |outputlookup wildcard_read.csv")
            });
Tags (3)
0 Karma

dfoster_splunk
Splunk Employee
Splunk Employee

"mvc.tokenSafe :(" is not valid syntax. You have an extra colon. Please check JS console for errors.

0 Karma

Federica_92
Communicator

Sorry, you are right, I have correct the syntax, but I have still the same problem, I have got that I cannot use :

 | eval output=$radiogroup$

So, I cannot use the tokensafe in the second part of the query but I don't understand the reason.
Let me know, if you will have any ideas, thank you

0 Karma

dfoster_splunk
Splunk Employee
Splunk Employee

So, I cannot use the tokensafe in the second part of the query

I do not understand what you mean by this. It is valid to pass an expression of the form tokensafe("SEARCH_STRING") to a setting for a SearchManager.

Depending on how much you are omitting from your example, you may need to update "submitted" token model in addition to the "default" token model. Any SearchManager emitted from Simple XML will be bound to the "submitted" token model by default. However the code example you provide doesn't have the SearchManager bound to "submitted", so this may not be your issue.

0 Karma

Federica_92
Communicator

I mean, if I use $radiougroup$ before of the pipe " | " My query read the value of the token, instead if I use the pipe, and next eval, my query doesn't recognize it.

I have tried to add this part :
{tokens: true, tokenNamespace: "submitted"}

Based of the submitted models, but still doesn't work

0 Karma

dfoster_splunk
Splunk Employee
Splunk Employee

Check your spelling. $radiogroup$ != $radiougroup$.

If you add {tokenNamespace: "submitted"} then updating the "default" model, as you current code does, will have no effect. You probably don't want {tokenNamespace: "submitted"}.

0 Karma

Federica_92
Communicator

I have done a spelling mistake writing here, but in the code is correct, the name of the token is always the same per recurrence.
How can I solve this?

0 Karma

dfoster_splunk
Splunk Employee
Splunk Employee

Based on the information provided I don't see anything you're doing incorrectly.

Sounds like you need some hands-on debugging assistance. If you have Support contract with Splunk I would suggest opening up a Support case.

0 Karma

Federica_92
Communicator

I don't think something like that, I'm sure that there will be a different syntax to use the value $mytoken$ in a position that is not the first in the query

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...