It can enhance query readability to separate large queries into their logical components using empty lines:
index = events
`comment("find and filter events")`
`comment("derive statistics of type A")`
`comment("derive statistics of type B")`
`comment("sort and format the results")`
But the Splunk search's auto-format removes empty lines. I'd like to prevent that. Is there a way to retain all auto-format functionality EXCEPT for deleting empty lines?
If that's impossible, I'd like to find the minimum "filler-text" which I could use to separate logical blocks of a search.
Right now my only candidates are empty comments and noop.
Are there any better alternatives? I'm also suspicious that "noop" might not be benign.
I'm using Splunk Enterprise 7.3.0
... View more
I'm using Splunk Enterprise Version: 7.3.0
I'm trying to make a chrome extension that will allow me to toggle line-comments in the search window. It's tedious to prepend comment(" and append ") to each line I want to comment-out.
I've discovered that the search text is ultimately stored in "ace_line_group" classes, one ace_line_group per line of the text. These ace_line_groups reside inside a ace_text-layer.
Let's try modifying the following line:
Let's not even worry about modifying the search to any reasonable value and instead just make sure that we can in fact modify the search text at all. The closest I've gotten to doing so is the following command, which would change the first line of the query to "hello":
document.getElementsByClassName('ace_line_group').innerText = "hello"
At first this appears to actually change the value of the first line of the search text. However there's a bunch of empty space after "hello."
This empty space can be copy-pasted to reveal the original text! Additionally, if the first line is then edited in the search window, as soon as a key is pressed, the line reverts back to its original state.
... View more