What would be the easiest one line solution to remove special characters from a token?
I'm taking a text input (mac addresses like 00:1B:44:11:3A:B7) from the user, & 1 source type uses the exact address & another source type has no ":" in the address.
I'm using the token as the complete search item (does the search content have a imbedded variable?).
When I do things like add a token to an eval command, it doesn't work. It seems like there should be an easier way to get around this problem.
You could use eval tokens:
https://docs.splunk.com/Documentation/Splunk/7.2.3/Viz/tokens#Define_token_filtering_and_formatting
For example:
<eval token="new_token">replace('mac_address_token', ":", "")</eval>
"This seems like it would work
I insert w/ stanza
<input type="text" token="WWN1" searchWhenChanged="true">
<label>Enter WWN</label>
<default></default>
</input>
replace($WWN1$, ":","") searchWhenChanged="true"
but 2 things are happening.
1- Splunk decides when I refresh the dashboard to re-arrange my code
replace($WWN1$, ":","") searchWhenChanged="true"
<input type="text" token="WWN1" searchWhenChanged="true">
<label>Enter WWN</label>
<default></default>
</input>
2- it works after I hit "save" when I put the new stanza after the input.. but if I insert another WWN
it never update, if I refresh the page, splunk inverts the code again. "
What about this: YOUR_SEARCH | eval mac_full = "$token$" | eval mac_short = mac_full | rex field=mac_short mode=sed "s/://g""
I guess at the simplest part of this is how can I remove all ":" from a mac address & pass it on to another panel?
I dont think escapes will work due to its not a quote, Not sure how to escape would work in any case scenerio since ":"'s are throughout the string.
HI @clintla
When using tokens on dashboards, you should use the token escape sequence $my_token|s$
The |s
is the extra part that will add double quotes and take care of escaping for you.
Here is the relevant documentation: https://docs.splunk.com/Documentation/Splunk/6.5.0/Viz/tokens#Token_filters
I hope this is helpful
Your question would benefit from an added example to make it clearer.