Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ExtendedFieldSearch

tdesaules
New Member
‎07-07-2011 10:48 AM

Hello !

I have an issue making an ExtendedFieldSearch in xml

this is my code :

<module name="ExtendedFieldSearch" layoutPanel="panel_row3_col1_grp1">
<param name="replacementMap">
<param name="arg">
<param name="uri_setting"/>
</param>
</param>
<param name="field">Uri:</param>
<param name="intention">
<param name="name">stringreplace</param>
<param name="arg">
<param name="uri_setting">
<param name="default">*</param>
<param name="fillOnEmpty">true</param>
</param>
</param>
</param>

When I try a search, the default value is ok but when I make a change in the text field, nothing happen....

And this is my yime and submi button module :


False
Last 4 hours
<!-- Module boutton recherche -->

True
Search
<!-- Module affichage du graph -->

index=abcroisiere sourcetype="panther_access_abcroisiere" $site$ $tag::uri$ $sHTTP$ uri=$uri_setting$ | table _time uri sHTTP


20
results

True
False

20
row
True


flashtimeline

I have this error on the service_web.log :

==> /data/splunk/var/log/splunk/web_service.log <==
2011-07-07 19:12:30,946 ERROR [4e15e8fef1e317ed0] parser:94 -
'unicode' object has no attribute 'get'
Traceback (most recent call last):
File
"/data/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/controllers/parser.py", line 83, in parse
replacedQ, replacedIntentions =
self._applyStringReplacement(q, decodedIntentions)
File
"/data/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/controllers/parser.py", line 136, in _applyStringReplacement
default = props.get('default', None);
AttributeError: 'unicode' object has no attribute 'get'

If you have any idea thanks 😉

Tags (1)
0 Karma
Reply

RicoSuave
Builder
‎07-08-2011 05:30 AM

It looks like you have your stringreplace and replacementmap parameters flipped. Stringreplace should come first then replacementmap. I believe this is a bug when using the showsource=true to convert from simple xml formsearch to advanced.

Reply

RicoSuave
Builder
‎07-08-2011 05:45 AM

I can't figure out how to get the code to post correctly, but just copy and paste it into notepad++ and hopefully it should format correctly

0 Karma
Reply

RicoSuave
Builder
‎07-08-2011 05:40 AM

Try this code instead.


uri_setting




True











0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...