Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Escaping special characters in text input

willadams
Contributor
‎02-25-2021 09:52 PM

I have a very basic dashboard that requires my users to put in text inputs.  These inputs are then outputted to a CSV file that can be referenced.  The basics of it are

<input type="text" token="user">
        <label>user</label>
      </input>
      <input type="text" token="hostname">
        <label>Host Name</label>
</input>
 <input type="text" token="switch">
        <label>Switchingcommand</label>
</input>

 

I have my form being submitted via a submit button at the top of the form that takes this information and outputs this to a csv file with an append

<search>
    <query>
          | makeresults
          | eval user="$user$"
          | eval hostname="$hostname$"
          | eval switch="$switch$"
          | outputlookup tracking.csv append=true
        </query>
</search>

 

The above works within the dashboard provided that there are no special characters.  Due to the nature of the value for "switch" above, it can contain a long string with various escape characters.  For example a string entered could be almost any special characters (for example it could contain "regex" or "#" or "=" or "$" or "[word]" etc. etc. etc.

 

I have tried modifying my search query as follows (adding in |s$) after the eval for switch

<search>
    <query>
          | makeresults
          | eval user="$user$"
          | eval hostname="$hostname$"
          | eval switch="$switch$"|s$
          | outputlookup tracking.csv append=true
        </query>
</search>

 

however this doesn't appear to work and the input silently fails.  Have I used |s$ in the correct place or is this not possible?

 

 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-25-2021 11:26 PM

Try

| eval switch="$switch|s$"
0 Karma
Reply

KeithH
Path Finder
‎01-29-2024 05:54 PM

Can anyone point me to where this escaping is documented in the Splunk manuals?

I can across it in a dashboard today and have not been able to track it down - very confusing until a colleague told me what it did.

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...