Solved: Assistance with Creating Form Search with Dropdown...

jodros · ‎01-15-2013

This is my first form search view so I am still learning. I have read a few threads on answers and read up on some documentation about creating form searches in advanced XML. I am still not completely comfortable with "intentions" and other parts. I have tried creating a form search using 1 hidden search and 2 string replace (1 text and 1 dropdown). The dropdown is populating correctly from a lookup, however when I click on the time picker and click search, it gives me the error "PARSER: Applying intentions failed 'unicode' object has no attribute 'get'".

I have read on answers and tried to resolve this error, but I am unable to correct it. Could someone please look over my XML and help me:

See if this is even the best way to accomplish what I want
Help me correct the PARSER error

Thanks in advance

Current XML is below:

<module name="HiddenSearch" layoutPanel="viewHeader">
    <param name="search">
    sourcetype=wineventlog:security Account_Name=$username$ message=$message$ | table _time Account_Name Source_Network_Address message
  </param>
    <module name="ExtendedFieldSearch">
      <param name="replacementMap">
        <param name="arg">
          <param name="username"/>
        </param>
      </param>
      <param name="field">Domain Username</param>
      <param name="intention">
        <param name="name">stringreplace</param>
        <param name="arg">
          <param name="username">
            <param name="fillOnEmpty">True</param>
          </param>
        </param>
      </param>
      <module name="SearchSelectLister">
        <param name="staticFieldsToDisplay"/>
        <param name="search">| inputlookup domain_messages</param>
        <param name="label">Domain Event</param>
        <param name="settingToCreate">message_setting</param>
        <param name="searchFieldsToDisplay">
          <list>
            <param name="value">message</param>
            <param name="label">message</param>
          </list>
        </param>
        <param name="searchWhenChanged">False</param>
        <module name="ConvertToIntention">
          <param name="settingToConvert">message_setting</param>
          <param name="intention">
            <param name="name">stringreplace</param>
            <param name="arg">
              <param name="message">
                <param name="fillOnEmpty">True</param>
                <param name="suffix"></param>
                <param name="value">$target$</param>
              </param>
            </param>
          </param>

jodros · ‎01-16-2013

Said screw it. Got it working with simple XML.

View solution in original post

jodros · ‎01-16-2013

Said screw it. Got it working with simple XML.

jodros · ‎01-18-2013

Early morning bump. Not even 1 taker?

jodros · ‎01-17-2013

Ok, now I need to know how to disable drilldown in a form with simple XML. Any takers?

jodros · ‎01-16-2013

Early morning bump. Any takers? If not I plan to open a ticket with support and I'll update this thread. Any assistance would be appreciated.

Thanks

jodros · ‎01-15-2013

Listing the dropdown selections in the XML is also an option. I just didn't want to populate the dropdown off of a search, as it takes too long and there are only 5-10 possible selections.

Assistance with Creating Form Search with Dropdown Referencing Lookup

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Accelerating Observability as Code with the Splunk AI Assistant

Join the Conversation

Assistance with Creating Form Search with Dropdown Referencing Lookup

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Accelerating Observability as Code with the Splunk AI Assistant