Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ExtendedFieldSearch

tdesaules
New Member
‎07-07-2011 10:48 AM

Hello !

I have an issue making an ExtendedFieldSearch in xml

this is my code :

<module name="ExtendedFieldSearch" layoutPanel="panel_row3_col1_grp1">
<param name="replacementMap">
<param name="arg">
<param name="uri_setting"/>
</param>
</param>
<param name="field">Uri:</param>
<param name="intention">
<param name="name">stringreplace</param>
<param name="arg">
<param name="uri_setting">
<param name="default">*</param>
<param name="fillOnEmpty">true</param>
</param>
</param>
</param>

When I try a search, the default value is ok but when I make a change in the text field, nothing happen....

And this is my yime and submi button module :


False
Last 4 hours
<!-- Module boutton recherche -->

True
Search
<!-- Module affichage du graph -->

index=abcroisiere sourcetype="panther_access_abcroisiere" $site$ $tag::uri$ $sHTTP$ uri=$uri_setting$ | table _time uri sHTTP


20
results

True
False

20
row
True


flashtimeline

I have this error on the service_web.log :

==> /data/splunk/var/log/splunk/web_service.log <==
2011-07-07 19:12:30,946 ERROR [4e15e8fef1e317ed0] parser:94 -
'unicode' object has no attribute 'get'
Traceback (most recent call last):
File
"/data/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/controllers/parser.py", line 83, in parse
replacedQ, replacedIntentions =
self._applyStringReplacement(q, decodedIntentions)
File
"/data/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/controllers/parser.py", line 136, in _applyStringReplacement
default = props.get('default', None);
AttributeError: 'unicode' object has no attribute 'get'

If you have any idea thanks 😉

Tags (1)
0 Karma
Reply

RicoSuave
Builder
‎07-08-2011 05:30 AM

It looks like you have your stringreplace and replacementmap parameters flipped. Stringreplace should come first then replacementmap. I believe this is a bug when using the showsource=true to convert from simple xml formsearch to advanced.

Reply

RicoSuave
Builder
‎07-08-2011 05:45 AM

I can't figure out how to get the code to post correctly, but just copy and paste it into notepad++ and hopefully it should format correctly

0 Karma
Reply

RicoSuave
Builder
‎07-08-2011 05:40 AM

Try this code instead.


uri_setting




True











0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...