Splunk Search

Search will run in search app but not as hiddensearch

jedatt01
Builder

I have a search that will work fine manually in the search app, but when I try to incorporate it as a hidden search in my custom app xml it gets the following error.
Encountered the following error while trying to update: In handler 'views': Error parsing XML on line 54: StartTag: invalid element name

Search Criteria:
sourcetype="orion__detail_daily" OR sourcetype="gomez_data" | eval percent_avail=coalesce(percent_avail,avail) | eval tier = if(sourcetype="Orion_Server_Detail_Daily","Server",if(sourcetype="Orion_Application_Detail_Daily","Application","User")) | stats avg(percent_avail) as appAvail by tier | eval grnColumn = if(appAvail>95, appAvail, 0) | eval yelColumn = if((appAvail<96* **AND appAvail***>89), appAvail, 0) | eval redColumn = if(appAvail<90,* appAvail, 0) | fields - appAvail

The parts in the search criteria that I have in bold are showing up as blue and what I have in italics are green in the xml editor. I believe this is where it's having the problem.

Tags (1)
0 Karma
1 Solution

dshpritz
SplunkTrust
SplunkTrust

I haven't experienced this first hand, but my guess would be that the problem is that the "<" and ">" need to be converted to valid entities. So &lt; and &gt;.

HTH,

Dave

View solution in original post

dshpritz
SplunkTrust
SplunkTrust

I haven't experienced this first hand, but my guess would be that the problem is that the "<" and ">" need to be converted to valid entities. So &lt; and &gt;.

HTH,

Dave

jedatt01
Builder

Thanks Dave, this worked perfectly!

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...