Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

setup.xml custom endpoint label newline

klee310
Communicator
‎03-31-2011 04:40 AM

I'm trying to put a newline in my label tag in for one of the inputs. Not sure how the newline character should be specified.

This is what I have:

<input field="general_log_encoding_string">
 <label>
 Custom character-encoding name if different from default, ex. BIG-5
 \n\r
 See http://www.splunk.com/base/Documentation/4.2/Data/Configurecharactersetencoding for details</label>
 <type>text</type>
</input>

But the result comes out like this:

Custom character-encoding name if different from default, ex. BIG-5 \n\r See http://www.splunk.com/base/Documentation/4.2/Data/Configurecharactersetencoding for details

Any help is greatly appreciated. Thanks

0 Karma
Reply

klee310
Communicator
‎04-20-2011 06:48 AM

I've checked everywhere, and there doesn't seem to be a solution anywhere. I guess I'll just give up this function. Its bells-and-whistles anyways.

0 Karma
Reply

LukeMurphey
Champion
‎03-31-2011 05:43 AM

You can do this using a break or paragraph tag. However, you will need to put your HTML in CDATA blocks so that it is ignored by Splunk's XML parser. Below is an updated version of your sample:

<input field="general_log_encoding_string">
 <text>
 Custom character-encoding name if different from default, ex. BIG-5
 <![CDATA[<p>]]> <!-- Note the custom HTML included here -->
 See http://www.splunk.com/base/Documentation/4.2/Data/Configurecharactersetencoding for details</text>
 <type>text</type>
</input>
0 Karma
Reply

LukeMurphey
Champion
‎04-05-2011 10:18 PM

Check the internal error log. Open the search app and run a search for:

index=_internal error

0 Karma
Reply

klee310
Communicator
‎04-05-2011 02:54 PM

not quite sure what you're trying to get at. if I replace the label tag with the text tag, the setup.xml screen doesn't even load up. AttributeError: 'NoneType' object has no attribute 'text'

0 Karma
Reply

LukeMurphey
Champion
‎03-31-2011 04:36 PM

Try putting the comment in in a text tag as opposed to a label tag. i.e. ...

0 Karma
Reply

klee310
Communicator
‎03-31-2011 06:55 AM

tried that, and this is what i get:
Custom character-encoding name if different from default, ex. BIG-5

See http://www.splunk.com/base/Documentation/4.2/Data/Configurecharactersetencoding for details

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...