Solved: Re: Self defined variable format in javascript sea...

clement · ‎12-02-2017

I found many token based variable search examples online but not on own created variable in customized Javascript. E.g: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEWY

May I know how to define mixture of self defined and token based variable in Javascript search query e.g variable "filename" and "alertid" in the example follow?

// partial javascript code:
var alertid= tokens.get("alertid_token"); //tokens received
var filename = "1512234117_372926.png"; //own created variable

   // Search Manager - Make a search using tokens obtained
    var search = new SearchManager({
        "id": "search_img",
        "earliest_time": "-5m@m",
        "latest_time": "now",
        "search":"| imgsearch alertid filename",  // are these variable format correct?
        "cancelOnUnload": true,
        "autostart": false,
       "auto_cancel": 90,
        "preview": false,
        "cache": false
    });

clement · ‎12-03-2017

@niketnilay, thank you for your reply.

I tested your suggestion, however it is not working.

The two "console.log(alertid);" and "console.log(filename);" before search execution output are correct, but "Search started" or "search:done" status is not shown.

Please find the my complete JS code follows:

require([
"splunkjs/mvc",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/simplexml/ready!"
], function(mvc) {

var SearchManager = require("splunkjs/mvc/searchmanager");

// Get the Events table
var myEventsTable = mvc.Components.get('myevents');


// Respond to a click event
myEventsTable.on("click", function(e) {


    // Get the default model
    var tokens = mvc.Components.get("default");
    var alertid= tokens.get("src_type_tok");
    var ctime = new Date().getTime();

    // create file and path var
    var filename = ctime + "_" + alertid + ".png";

    console.log(alertid);
    console.log(filename);

    var search = new SearchManager({
         "id": "search_img",
         "earliest_time": "-5m@m",
         "latest_time": "now",
         "search": "| imgsearch $alertid$ $filename$",    // this one not working
       //"search": "| imgsearch 3215687 153857376_3215687.png",   // this is working fine
         "cancelOnUnload": true,
         "autostart": false,
         "auto_cancel": 90,
         "preview": false,
         "cache": false,
         "tokenDependencies": {
         },
         "runWhenTimeIsUndefined": false
    }, {tokens: true, tokenNamespace: "submitted"});

    console.log("after search function");

    search.on('search:failed', function() {
        console.log("Search failed");
    }.bind(this));

    search.on("search:start", function() {
        console.log("Search started");
    }.bind(this));

    search.on("search:done", function() {
        console.log("Search completed");
    }.bind(this));

    // Start the search
    search.startSearch();
});

});

View solution in original post

clement · ‎12-03-2017

@niketnilay, thank you for your reply.

I tested your suggestion, however it is not working.

The two "console.log(alertid);" and "console.log(filename);" before search execution output are correct, but "Search started" or "search:done" status is not shown.

Please find the my complete JS code follows:

require([
"splunkjs/mvc",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/simplexml/ready!"
], function(mvc) {

var SearchManager = require("splunkjs/mvc/searchmanager");

// Get the Events table
var myEventsTable = mvc.Components.get('myevents');


// Respond to a click event
myEventsTable.on("click", function(e) {


    // Get the default model
    var tokens = mvc.Components.get("default");
    var alertid= tokens.get("src_type_tok");
    var ctime = new Date().getTime();

    // create file and path var
    var filename = ctime + "_" + alertid + ".png";

    console.log(alertid);
    console.log(filename);

    var search = new SearchManager({
         "id": "search_img",
         "earliest_time": "-5m@m",
         "latest_time": "now",
         "search": "| imgsearch $alertid$ $filename$",    // this one not working
       //"search": "| imgsearch 3215687 153857376_3215687.png",   // this is working fine
         "cancelOnUnload": true,
         "autostart": false,
         "auto_cancel": 90,
         "preview": false,
         "cache": false,
         "tokenDependencies": {
         },
         "runWhenTimeIsUndefined": false
    }, {tokens: true, tokenNamespace: "submitted"});

    console.log("after search function");

    search.on('search:failed', function() {
        console.log("Search failed");
    }.bind(this));

    search.on("search:start", function() {
        console.log("Search started");
    }.bind(this));

    search.on("search:done", function() {
        console.log("Search completed");
    }.bind(this));

    // Start the search
    search.startSearch();
});

});

niketn · ‎12-03-2017

@clement, what you are trying to do can be done in Simple XML itself. Any specific reason for JavaScript?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

clement · ‎12-03-2017

@niketnilay, indeed you have just highlighted a good pointer for me to find a workaround, thank you.

I refer to the following workaround, it work fine for my requirement:
https://answers.splunk.com/answers/239159/multiple-base-searches-in-a-dasboard-with-post-pro.html

Thanks again for sharing your information 🙂

niketn · ‎12-04-2017

@clement, seems like you are using post processing to overcome the issue you were facing. While init section to initialize token is a different approach. But I am glad you found something working for you.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

niketn · ‎12-02-2017

@clement, I believe imgsearch is your custom SPL command. The tokens in search string should be placed withing dollar signs i.e.

|  imgsearch $filename$ $alert_id$

Following is what your search might look like with the changes.

var search = new SearchManager({
            "id": "search_img",
            "earliest_time": "-5m@m",
            "latest_time": "now",
            "search": "|  imgsearch $filename$ $alert_id$",
            "cancelOnUnload": true,
            "autostart": false,
            "auto_cancel": 90,
            "preview": false,
            "cache": false,
            "tokenDependencies": {
            },
            "runWhenTimeIsUndefined": false
        }, {tokens: true, tokenNamespace: "submitted"});

PS: From Splunk Enterprise 6.5 onward, if you are not using HTML Dashboards you should have <init> section in Simple XML dashboard which should allow you to initialize your own static tokens like filename. Which implies you do not require Simple XML JavaScript Extension for such scenarios. (PS: init section does not work in HTML Dashboard or after conversion to HTML Dashboard.)

  <init>
    <set token="filename">1512234117_372926.png</set>
  </init>

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Self defined variable format in javascript search query

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

Self defined variable format in javascript search query

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases