Hi community,
I am trying to create a drilldown for a table using a cell value that contains a URL (or part of it).
These are the problems I'm facing:
1) Splunk converts the '/' in the cell value to '%2F'.
2) Cell becomes unclickable when cell value (containing part of URL) starts with '/'.
To explain the problems, here is a table with different use cases that you can also copy and play with:
<table>
<search>
<query>index=_internal | head 1
| eval can_click = "dev.splunk.com"
| eval cannot_click = "dev.splunk.com/view/webframework-codeexamples/SP-CAAAEVU"
| eval can_click_but_forward_slashes_replaced = "view/webframework-codeexamples/SP-CAAAEVU"
| table can_click, cannot_click, can_click_but_forward_slashes_replaced, with_cdata__cannot_click, with_cdata__can_click_but_forward_slashes_replaced
</query>
</search>
<drilldown target="_blank">
<condition field="can_click">
<link>http://$row.can_click$</link>
</condition>
<condition field="cannot_click">
<link>http://$row.cannot_click$</link>
</condition>
<condition field="can_click_but_forward_slashes_replaced">
<link>http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced$</link>
</condition>
<condition field="with_cdata__cannot_click">
<link><![CDATA[http://$row.cannot_click$]]></link>
</condition>
<condition field="with_cdata__can_click_but_forward_slashes_replaced">
<link><![CDATA[http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced$]]></link>
</condition>
</drilldown>
</table>
My question: How can make a drilldown use a cell value containing a URL (or even just part of it)?
You have to enable no character escaping using n$ in all your tokens having URL escape characters. Following should work.
<drilldown>
<condition field="can_click">
<link>http://$row.can_click$</link>
</condition>
<condition field="cannot_click">
<link>http://$row.cannot_click|n$</link>
</condition>
<condition field="can_click_but_forward_slashes_replaced">
<link>http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced|n$</link>
</condition>
<condition field="with_cdata__cannot_click">
<link><![CDATA[http://$row.cannot_click|n$]]></link>
</condition>
<condition field="with_cdata__can_click_but_forward_slashes_replaced">
<link><![CDATA[http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced|n$]]></link>
</condition>
</drilldown>
Refer to the documentation for details: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens
You have to enable no character escaping using n$ in all your tokens having URL escape characters. Following should work.
<drilldown>
<condition field="can_click">
<link>http://$row.can_click$</link>
</condition>
<condition field="cannot_click">
<link>http://$row.cannot_click|n$</link>
</condition>
<condition field="can_click_but_forward_slashes_replaced">
<link>http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced|n$</link>
</condition>
<condition field="with_cdata__cannot_click">
<link><![CDATA[http://$row.cannot_click|n$]]></link>
</condition>
<condition field="with_cdata__can_click_but_forward_slashes_replaced">
<link><![CDATA[http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced|n$]]></link>
</condition>
</drilldown>
Refer to the documentation for details: http://docs.splunk.com/Documentation/Splunk/latest/Viz/tokens
Hi,
I appreciate your response, but adding '|n' as you suggested does not work.
It makes Splunk skip replacing the token reference with the actual value i.e. the link becomes 'dev.splunk.com/$row.can_click_but_forward_slashes_replaced$' instead of 'dev.splunk.com/view/webframework-codeexamples/SP-CAAAEVU'.
According to the documentation, the token filter '|u' is applied by default for all 'link' values.
Do you know if there is a way I can disable the '|u' token filter?
Thank you.
I tried the following and it worked fine for me. Similar to the example you have provided.
<panel>
<table>
<search>
<query>| makeresults
| eval can_click="dev.splunk.com"
| eval cannot_click = "dev.splunk.com/view/webframework-codeexamples/SP-CAAAEVU"
| eval can_click_but_forward_slashes_replaced = "view/webframework-codeexamples/SP-CAAAEVU"
| eval with_cdata__cannot_click = "dev.splunk.com/view/webframework-codeexamples/SP-CAAAEVU"
| eval with_cdata__can_click_but_forward_slashes_replaced = "view/webframework-codeexamples/SP-CAAAEVU"
| table can_click, cannot_click, can_click_but_forward_slashes_replaced, with_cdata__cannot_click, with_cdata__can_click_but_forward_slashes_replaced</query>
<earliest>-60m@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<drilldown>
<condition field="can_click">
<link>http://$row.can_click$</link>
</condition>
<condition field="cannot_click">
<link>http://$row.cannot_click|n$</link>
</condition>
<condition field="can_click_but_forward_slashes_replaced">
<link>http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced|n$</link>
</condition>
<condition field="with_cdata__cannot_click">
<link><![CDATA[http://$row.cannot_click|n$]]></link>
</condition>
<condition field="with_cdata__can_click_but_forward_slashes_replaced">
<link><![CDATA[http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced|n$]]></link>
</condition>
</drilldown>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
@enexwhy is your issue solved. Were you able to run the test code I have attached?
No, it does not work for me.
This is the resulting URL that I get when I click on 'cannot_click': http://%24row.cannot_click%7Cn%24/
Also, trying to use 'makeresults' results in an 'invalid command' error for me.
It shows that you are using a newer version of Splunk. Mine is v6.2, and maybe that's why we are seeing different outcomes.
Thank you for your reply anyway.
@enexwhy... Since you are on version 6.2, can you also check creating html panel below table and see if link generated is clickable. Splunk 6.x Dashboard Example App shows Dynamic Drilldown Examples which are also available in 6.2. Can you please try getting the App and see if you find something that works for you?
I converted the XML to HTML.
This was part of the code:
} else if (e.field === "with_cdata__can_click_but_forward_slashes_replaced") {
e.preventDefault();
var url = TokenUtils.replaceTokenNames("http://dev.splunk.com/$row.can_click_but_forward_slashes_replaced$", _.extend(submittedTokenModel.toJSON(), e.data), TokenUtils.getEscaper('url'));
utils.redirect(url, false, "_blank");
}
The problem is "TokenUtils.getEscaper('url')". By removing that, the forward slashes no longer get replaced and the URL works as it should.
However, there is no equivalent solution in XML.
HTML Panels are different than HTML Dashboards. What I was requesting was to create HTML Panels with anchor tags instead of links and use then as URL Encoded links. Nevertheless, easier or the hard way, I am glad you are able to somehow make it work.
Upgrading to newer instance of Splunk will also fix the same as the Simple XML dashboard is working fine for me in 6.5. Sooner or later things will be easier with latest version.
Hi, I now have access to a Splunk instance that is version 6.5+, and can finally verify that your answer was correct. I have accepted it; thanks for the help!
@enexwhy... glad it worked! 🙂