Solved: Re: Assistance with Creating Form Search with Drop...

jodros · ‎01-15-2013

This is my first form search view so I am still learning. I have read a few threads on answers and read up on some documentation about creating form searches in advanced XML. I am still not completely comfortable with "intentions" and other parts. I have tried creating a form search using 1 hidden search and 2 string replace (1 text and 1 dropdown). The dropdown is populating correctly from a lookup, however when I click on the time picker and click search, it gives me the error "PARSER: Applying intentions failed 'unicode' object has no attribute 'get'".

I have read on answers and tried to resolve this error, but I am unable to correct it. Could someone please look over my XML and help me:

See if this is even the best way to accomplish what I want
Help me correct the PARSER error

Thanks in advance

Current XML is below:

<module name="HiddenSearch" layoutPanel="viewHeader">
    <param name="search">
    sourcetype=wineventlog:security Account_Name=$username$ message=$message$ | table _time Account_Name Source_Network_Address message
  </param>
    <module name="ExtendedFieldSearch">
      <param name="replacementMap">
        <param name="arg">
          <param name="username"/>
        </param>
      </param>
      <param name="field">Domain Username</param>
      <param name="intention">
        <param name="name">stringreplace</param>
        <param name="arg">
          <param name="username">
            <param name="fillOnEmpty">True</param>
          </param>
        </param>
      </param>
      <module name="SearchSelectLister">
        <param name="staticFieldsToDisplay"/>
        <param name="search">| inputlookup domain_messages</param>
        <param name="label">Domain Event</param>
        <param name="settingToCreate">message_setting</param>
        <param name="searchFieldsToDisplay">
          <list>
            <param name="value">message</param>
            <param name="label">message</param>
          </list>
        </param>
        <param name="searchWhenChanged">False</param>
        <module name="ConvertToIntention">
          <param name="settingToConvert">message_setting</param>
          <param name="intention">
            <param name="name">stringreplace</param>
            <param name="arg">
              <param name="message">
                <param name="fillOnEmpty">True</param>
                <param name="suffix"></param>
                <param name="value">$target$</param>
              </param>
            </param>
          </param>

jodros · ‎01-16-2013

Said screw it. Got it working with simple XML.

View solution in original post

jodros · ‎01-16-2013

Said screw it. Got it working with simple XML.

jodros · ‎01-18-2013

Early morning bump. Not even 1 taker?

jodros · ‎01-17-2013

Ok, now I need to know how to disable drilldown in a form with simple XML. Any takers?

jodros · ‎01-16-2013

Early morning bump. Any takers? If not I plan to open a ticket with support and I'll update this thread. Any assistance would be appreciated.

Thanks

jodros · ‎01-15-2013

Listing the dropdown selections in the XML is also an option. I just didn't want to populate the dropdown off of a search, as it takes too long and there are only 5-10 possible selections.

Assistance with Creating Form Search with Dropdown Referencing Lookup

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability