Really simple (or should be simple) question.
Using a Simple XML Dashboard, I have the following:
<table>
<title>Something</title>
<search>
<query>source="http-simple" | spath "PerfectoTest.methodName" | search "PerfectoTest.methodName"=StoreFinder | eval stepStatus=spath(_raw, "PerfectoTest.methods.Starbucks v1.Steps{}.stepStatus") | eval overallTestStatus=spath(_raw,"PerfectoTest.testStatus") | eval TestReport=spath(_raw,"PerfectoTest.reportKey") | bucket _time span=1h | stats first(TestReport) as reportLink</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<drilldown>
<link>https://somewhere.co/?reportRepositoryKey=$click.value$</link>
</drilldown>
</table>
Where the field that is clicked contains an unencoded URL.
URLValue=PUBLIC:location/sublocation_something.xml
The combined url should look like:
xxxx://somewhere.co/?reportRepositoryKey=PUBLIC:location/sublocation_something.xml
What's actually happening is the /
and :
in the URLValue are being encoded by Splunk prior to inserting into the link, and then the link is passing the encoded URL to the final destination resulting in a url that looks like this:
xxxx://somewhere.co/?reportRepositoryKey=PUBLIC%3location%2sublocation_something.xml
How can I stop the auto-encoding from the drilldown function?
If you are using v6.5, there is a new token filter to force no encoding:
<link>https://somewhere.co/?reportRepositoryKey=$click.value|n$</link>
Nudge any suggestions?
Try something like this in your drilldown tag.
<drilldown>
<link> <![CDATA[ https://somewhere.co/?reportRepositoryKey=$click.value2$ ]]></link>
</drilldown>
I just tried the above and the result is the same 😞
It seems Splunk parses and encodes the ':' & '/' prior to parsing the CDATA command. Its really strange that its not importing the raw value into the string its building.
Is there a work around to avoid splunk to encode ':' & '/' prior to parsing the CDATA command or the value for link html tag?
Hi @alaztiest,
You might also want to try HTML entities to escape these characters:
Hope this helps!