Splunk Dev

How to use Django Template Tags inside a search manager tag?

taldev
Explorer

I have some data that is sent to my view using a regular HTML form. Some of this data needs to be used in the search itself, but I cannot use the regular Splunk text fields as we need to sanitize the inputs in peculiar ways (and we do not wish to do it using JS or JQuery, it needs to be done on the back end).

There is a view with a form, when this form is filled out, the search goes to a new view where the result is to be displayed. However, whenever I try to use the data from the form in the {{ tag_name }} format, the splunk search manager seems to just read it as {{ tag_name }} in the search field instead of the actual value passed on.

What am I missing here?

The search manager block looks like this, the {{ foo }} tag is rendered with the view and is available in HTML:

{% block managers %}
    {% searchmanager id="viljeyttring"
        search="sourcetype=logger value={{ foo }}"|token_safe
        earliest_time="$earliestval$"|token_safe
        latest_time="$latestval$"|token_safe
        cache="false"
        autostart="true"
        preview="false"
    %}
{% endblock managers %}

Suggestions? Let me know if anything is unclear.

0 Karma
1 Solution

taldev
Explorer

I have solved this problem, albeit in a less diserable manner:

First of all, I had to use to a hidden (by CSS) textinput field that created the correct token to be used in the search.

Second, by using the Splunk JS Stack and the getInstance function I was able to retrieve and set the token value to the value contained in the Django tag. Setting this allows the search to execute as it should by using the token in the search string.

Example:
Text field:

        <div class="input input-text splunk-textfield" id="field1">
             {% textinput id="foo"
            valueField="foo"
            disabled="true"
            value="$foo$"|token_safe
            %}
        </div>
  • The CSS class "splunk-textfield" is a custom one which is set as hidden.
    JS Block:

      <script>
        var deps= [
            "splunkjs/ready!",
            "splunkjs/mvc/textinputview",
            "splunkjs/mvc/timerangeview",
            "splunkjs/mvc/searchmanager",
            ];
            require(deps, function(mvc){
                jQuery(document).ready(function(){
                                $("form").submit(function() {
                            alert($('#field1').attr());
                            });
    
                        });    
    
                var tokens = mvc.Components.getInstance("default");
                tokens.set("foo", "{{foo}}");
                });
        </script>
    

Search manager:

 {% searchmanager id="base_search" 
    search='sourcetype=somelog AND value=$foo$'|token_safe
    earliest_time="$earliestval$"|token_safe
    autostart="false"
    latest_time="$latestval$"|token_safe
    cancelOnUnload="true"
    %}

View solution in original post

taldev
Explorer

I have solved this problem, albeit in a less diserable manner:

First of all, I had to use to a hidden (by CSS) textinput field that created the correct token to be used in the search.

Second, by using the Splunk JS Stack and the getInstance function I was able to retrieve and set the token value to the value contained in the Django tag. Setting this allows the search to execute as it should by using the token in the search string.

Example:
Text field:

        <div class="input input-text splunk-textfield" id="field1">
             {% textinput id="foo"
            valueField="foo"
            disabled="true"
            value="$foo$"|token_safe
            %}
        </div>
  • The CSS class "splunk-textfield" is a custom one which is set as hidden.
    JS Block:

      <script>
        var deps= [
            "splunkjs/ready!",
            "splunkjs/mvc/textinputview",
            "splunkjs/mvc/timerangeview",
            "splunkjs/mvc/searchmanager",
            ];
            require(deps, function(mvc){
                jQuery(document).ready(function(){
                                $("form").submit(function() {
                            alert($('#field1').attr());
                            });
    
                        });    
    
                var tokens = mvc.Components.getInstance("default");
                tokens.set("foo", "{{foo}}");
                });
        </script>
    

Search manager:

 {% searchmanager id="base_search" 
    search='sourcetype=somelog AND value=$foo$'|token_safe
    earliest_time="$earliestval$"|token_safe
    autostart="false"
    latest_time="$latestval$"|token_safe
    cancelOnUnload="true"
    %}

dorilevy
Path Finder

Hey,

Thank you for publishing this code. it is exactly what i am trying to do. Just a question - i was able to to use the code, but the textinput is not hidden - just grayed out. Did you manage to get it to be hidden?

Regards,
Dori

0 Karma

taldev
Explorer

I did that through CSS. If you look at the HTML code, the class "splunk-textfield" has a display: none;-setting that makes it invisible. Or did you mean something else?

0 Karma

dorilevy
Path Finder

Thanks for the fast reposne. Can't seem to make it work. Maybe i missing something - I added this:

    .splunk-textfield {
        display=none;
    }
0 Karma

taldev
Explorer

I'm no CSS expert, by the syntax is:

.splunk-textfield {
display: none;
}

If that doesn't work, i'll have to check my code at work tomorrow.

dorilevy
Path Finder

You are right - my bad - syntax error. It's working now.
thank you.

0 Karma

taldev
Explorer

See my answer to this question below.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...