Solved: Hidden Search using Advance XML

nikhilmehra79 · ‎03-06-2014

so i have hidden search in my advance XML file in v5. works perfect until i need to modify my search to extend some regex - now the whole search string on search panel works fine but when i try to take the samelogic to advance xml in my app it starts throwing syntax error on xmlfile.

Reason i think is that

SO here is line which is throwing syntax error:

i think it is not liking a tag and in

nikhilmehra79 · ‎03-06-2014

i think i found the answer it has to be lt and gt to escape.

View solution in original post

redc · ‎03-31-2014

I like to be able to copy-paste my searches in/out of my dashboards, so I always wrap my searches in CDATA tags. So yours would be:

<param name="search"><![CDATA[((source="ABC.csv") AND (SH)) | rex field=_raw "(?<hostname>.*),(?<value>.*)" | avg(Value)]]></param>

This way, you can copy your search into the Search view and run it without having to manually change < and > back to < and >, respectively, and vice versa.

nikhilmehra79 · ‎03-06-2014

i think i found the answer it has to be lt and gt to escape.

MuS · ‎03-07-2014

you have to use the < for < and the > for > in your XML code. Another method would be to use your search inside a CDATA tag. For more information read the docs on Simplified XML http://docs.splunk.com/Documentation/Splunk/6.0.2/Viz/OverviewofSimplifiedXML

cheers, MuS

Hidden Search using Advance XML

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!