Dashboards & Visualizations

How to prevent URL encoding of an external field in my Simple XML dashboard drilldown?

alaztiest
Explorer

Really simple (or should be simple) question.

Using a Simple XML Dashboard, I have the following:

      <table>
        <title>Something</title>
        <search>
          <query>source="http-simple" | spath "PerfectoTest.methodName" | search "PerfectoTest.methodName"=StoreFinder | eval stepStatus=spath(_raw, "PerfectoTest.methods.Starbucks v1.Steps{}.stepStatus") | eval overallTestStatus=spath(_raw,"PerfectoTest.testStatus") | eval TestReport=spath(_raw,"PerfectoTest.reportKey") | bucket _time span=1h | stats first(TestReport) as reportLink</query>
          <earliest>0</earliest>
          <latest></latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <drilldown>
          <link>https://somewhere.co/?reportRepositoryKey=$click.value$</link>
        </drilldown>
      </table>

Where the field that is clicked contains an unencoded URL.

URLValue=PUBLIC:location/sublocation_something.xml

The combined url should look like:

xxxx://somewhere.co/?reportRepositoryKey=PUBLIC:location/sublocation_something.xml

What's actually happening is the / and : in the URLValue are being encoded by Splunk prior to inserting into the link, and then the link is passing the encoded URL to the final destination resulting in a url that looks like this:

xxxx://somewhere.co/?reportRepositoryKey=PUBLIC%3location%2sublocation_something.xml

How can I stop the auto-encoding from the drilldown function?

nfilippi_splunk
Splunk Employee
Splunk Employee

If you are using v6.5, there is a new token filter to force no encoding:

<link>https://somewhere.co/?reportRepositoryKey=$click.value|n$</link>

alaztiest
Explorer

Nudge any suggestions?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Try something like this in your drilldown tag.

  <drilldown>
           <link> <![CDATA[  https://somewhere.co/?reportRepositoryKey=$click.value2$ ]]></link>
         </drilldown>
0 Karma

alaztiest
Explorer

I just tried the above and the result is the same 😞

It seems Splunk parses and encodes the ':' & '/' prior to parsing the CDATA command. Its really strange that its not importing the raw value into the string its building.

0 Karma

Dhanapathi
New Member

Is there a work around to avoid splunk to encode ':' & '/' prior to parsing the CDATA command or the value for link html tag?

0 Karma

frobinson_splun
Splunk Employee
Splunk Employee

Hi @alaztiest,
You might also want to try HTML entities to escape these characters:

See
http://docs.splunk.com/Documentation/Splunk/6.5.0/Viz/OverviewofSimplifiedXML#Special_characters_in_...

Hope this helps!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...