Hi everyone, I'm trying to do a query using eval, and a token value:
....
var id = $(cb).attr('id');
tokens.set("mytoken", id);
But the query is not working. If, instead of writing "mytoken" in the eval condition, I write it in place of the *, the query works. Any suggestions?
var SearchManager_button = require("splunkjs/mvc/searchmanager");
new SearchManager_button({
    id: "mysearch-button",
    search: mvc.tokenSafe("*| eval output=$mytoken$ | fields output |outputlookup wildcard_read.csv")
});
"mvc.tokenSafe :(" is not valid syntax. You have an extra colon. Please check JS console for errors.
Sorry, you are right. I have corrected the syntax, but I still have the same problem. I have found that I cannot use:
| eval output=$radiogroup$
So, I cannot use the tokensafe in the second part of the query, but I don't understand the reason.
Let me know if you have any ideas. Thank you.
> So, I cannot use the tokensafe in the second part of the query
I do not understand what you mean by this. It is valid to pass an expression of the form tokensafe("SEARCH_STRING") to a setting for a SearchManager.
Depending on how much you are omitting from your example, you may need to update the "submitted" token model in addition to the "default" token model. Any SearchManager emitted from Simple XML will be bound to the "submitted" token model by default. However, the code example you provide doesn't have the SearchManager bound to "submitted", so this may not be your issue.
I mean, if I use $radiougroup$ before the pipe " | ", my query reads the value of the token. If instead I use the pipe, and then eval, my query doesn't recognize it.
I have tried to add this part:
{tokens: true, tokenNamespace: "submitted"}
Based on the submitted models, but it still doesn't work.
Check your spelling. $radiogroup$ != $radiougroup$.
If you add {tokenNamespace: "submitted"} then updating the "default" model, as your current code does, will have no effect. You probably don't want {tokenNamespace: "submitted"}.
I made a spelling mistake writing here, but in the code it is correct; the name of the token is always the same in every occurrence.
How can I solve this?
Based on the information provided I don't see anything you're doing incorrectly.
Sounds like you need some hands-on debugging assistance. If you have a Support contract with Splunk, I would suggest opening up a Support case.
I don't think so; I'm sure that there will be a different syntax to use the value $mytoken$ in a position that is not the first in the query.
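
Added example, not part of any post in this thread: a simplified Node.js model of how a token value is pasted into the search string. It shows that `eval output=$mytoken$` produces a bare word, which eval reads as a field name, while Splunk's `|s` token filter (`$mytoken|s$`) produces a quoted string literal and keeps a value containing `|` inside one pipeline stage. The helper names and checkbox id values are constructed, and the substitution logic is an assumption that approximates splunkjs rather than reproducing it.

```javascript
// Simplified model of $token$ substitution; this is NOT splunkjs code.
const UNQUOTED = '* | eval output=$mytoken$ | fields output | outputlookup wildcard_read.csv';
const QUOTED = '* | eval output=$mytoken|s$ | fields output | outputlookup wildcard_read.csv';

// Models the |s filter: wrap in double quotes, escape backslashes and quotes.
function quoteFilter(value) {
  return '"' + String(value).replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Replace $name$ and $name|s$ in a search template with values from `tokens`.
function substitute(template, tokens) {
  return template.replace(/\$(\w+)(\|s)?\$/g, (match, name, filter) => {
    if (!(name in tokens)) return match; // unresolved token is left untouched
    return filter ? quoteFilter(tokens[name]) : String(tokens[name]);
  });
}

// Split SPL into pipeline stages on pipes that sit outside double quotes.
function stages(spl) {
  const out = [];
  let cur = '', inQuote = false;
  for (let i = 0; i < spl.length; i++) {
    const ch = spl[i];
    if (ch === '\\' && inQuote) { cur += ch + (spl[++i] ?? ''); continue; }
    if (ch === '"') inQuote = !inQuote;
    if (ch === '|' && !inQuote) { out.push(cur.trim()); cur = ''; continue; }
    cur += ch;
  }
  out.push(cur.trim());
  return out;
}

// Classify what eval receives on the right-hand side of `output=`.
function evalRhsKind(spl) {
  const stage = stages(spl).find(s => s.startsWith('eval output='));
  const rhs = stage.slice('eval output='.length);
  if (/^"(?:[^"\\]|\\.)*"$/.test(rhs)) return 'string literal';
  if (/^-?\d+(\.\d+)?$/.test(rhs)) return 'number';
  return 'field reference or expression';
}

// Constructed checkbox ids: a plain one and one containing a pipe.
for (const id of ['cb_host01', 'a | b']) {
  for (const tpl of [UNQUOTED, QUOTED]) {
    const spl = substitute(tpl, { mytoken: id });
    console.log(evalRhsKind(spl), '/', stages(spl).length, 'stages /', spl);
  }
}
```

In the position before the first pipe, a bare word is a search term, which is why the unquoted token appears to work there but not after `eval`.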