I have a very basic dashboard that requires my users to put in text inputs. These inputs are then outputted to a CSV file that can be referenced. The basics of it are:
<input type="text" token="user">
<label>user</label>
</input>
<input type="text" token="hostname">
<label>Host Name</label>
</input>
<input type="text" token="switch">
<label>Switchingcommand</label>
</input>
I have my form being submitted via a submit button at the top of the form that takes this information and outputs this to a CSV file with an append:
<search>
<query>
| makeresults
| eval user="$user$"
| eval hostname="$hostname$"
| eval switch="$switch$"
| outputlookup tracking.csv append=true
</query>
</search>
The above works within the dashboard provided that there are no special characters. Due to the nature of the value for "switch" above, it can contain a long string with various escape characters. For example, a string entered could be almost any special characters (for example, it could contain "regex" or "#" or "=" or "$" or "[word]" etc. etc. etc.).
I have tried modifying my search query as follows (adding in |s$ after the eval for switch):
<search>
<query>
| makeresults
| eval user="$user$"
| eval hostname="$hostname$"
| eval switch="$switch$"|s$
| outputlookup tracking.csv append=true
</query>
</search>
however this doesn't appear to work and the input silently fails. Have I used |s$ in the correct place or is this not possible?
Try
| eval switch="$switch|s$"
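An added example (not part of the original posts, and not Splunk's own sample): the form from this thread with the `|s` token filter applied to every free-text token. It assumes the filter behaves as Splunk's Simple XML token-filter reference describes, wrapping the value in double quotes and escaping quotes inside it, so the tokens below carry no quotes of their own; the dashboard label is made up for the example.

```xml
<form version="1.1">
  <!-- Dashboard label is a placeholder for this example -->
  <label>Tracking input (example)</label>
  <fieldset submitButton="true" autoRun="false">
    <input type="text" token="user">
      <label>user</label>
    </input>
    <input type="text" token="hostname">
      <label>Host Name</label>
    </input>
    <input type="text" token="switch">
      <label>Switchingcommand</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <!--
          Before: eval switch="$switch$" pastes the raw text between the
          quotes, so a double quote typed by the user ends the string
          literal early and the remainder is parsed as SPL.
          After: $switch|s$ is replaced by one quoted, escaped string, so
          the typed value stays inside a single string literal. The same
          applies to user and hostname, which are free text as well.
        -->
        <search>
          <query>
| makeresults
| eval user=$user|s$
| eval hostname=$hostname|s$
| eval switch=$switch|s$
| outputlookup tracking.csv append=true
          </query>
        </search>
      </table>
    </panel>
  </row>
</form>
```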
Can anyone point me to where this escaping is documented in the Splunk manuals?
I came across it in a dashboard today and have not been able to track it down - very confusing until a colleague told me what it did.