Solved: passing two tokens using simple xml

himynamesdave · ‎01-29-2014

<drilldown> <link>manual_search-verification?form.index="$index$"&field="$field$"</link> </drilldown>

I am trying to pass two tokens using a drilldown on a table object.

Splunk will not let me pass two tokens using an & operator (see code) - I get an XML syntax error (says it is expecting [;]... not sure how to implement this)

How should I be writing this query?

Thanks for the help all!

himynamesdave · ‎01-29-2014

OK I've solved this myself, hope it helps someone else out too...

So instead of using "&" to join the query use "&". For example:

<link>view?form.index="$index$"&field="$field$"</link>

NOT:

<link>view?form.index="$index$"&field="$field$"</link>

View solution in original post

himynamesdave · ‎01-29-2014

OK I've solved this myself, hope it helps someone else out too...

So instead of using "&" to join the query use "&". For example:

<link>view?form.index="$index$"&field="$field$"</link>

NOT:

<link>view?form.index="$index$"&field="$field$"</link>

marciniega · ‎01-08-2017

Old post, but this helped me out. Thanks for checking back in!

lguinn2 · ‎01-12-2017

You could also use CDATA to enclose text that you don't want to be processed as XML, like this

<link><![CDATA[view?form.index="$index$"&field="$field$"]]></link>

rroberts · ‎01-13-2017

CDATA block is the way to go I think. Much easier.

marciniega · ‎01-12-2017

Also helpful, thank you!

passing two tokens using simple xml

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases