Tags: splunk, splunk-dashboard, splunk-calculation

How to set a token on a post-process query?


I've got the following (simplified) form:

<form version="1.1">
<init>
    <set token="MyToken">Before</set>
</init>
<search id="baseSearch">
    <query>
        <!-- some slow search -->
    </query>
</search>
<search base="baseSearch" id="post_process_1">
    <query>
        <!-- some code -->
    </query>
    <finalized>
        <set token="MyToken">Complete</set>
    </finalized>
</search>
<row>
    <!-- Panel that shows the results from baseSearch -->
    <panel>
        <html>Token is: $MyToken$</html>
    </panel>
</row>
</form>

When my form is loaded I'm expecting MyToken to be initialised to 'Before' and it will be displayed in the HTML block. I'm also expecting the baseSearch to be launched, after which post_process_1 will be run. At this point MyToken will be updated to 'Complete' and the HTML block will be updated.

What actually happens is that when the form is loaded the HTML block immediately displays 'Complete'. I can't understand why - the post-process query (or for that matter the base query on which it depends) has not completed.

If I move the finalized block into the base query then it works as expected; the HTML block displays 'Before' on loading and then changes to 'Complete' after the baseSearch finishes.

I need the finalized block to run after the post_process_1 query because I want to use the results of the query as the value for MyToken.


Solution

  • As can be seen from the Simple XML Reference you are looking for the <done> to react to a finished search which is defined as:

    Execute actions based on finished search events. Includes job properties and first result row.
    

    I could not find <finalize> in the "proper" documentation, although in the old Web Framework you can see its definition as:

    Finalizes the search job.
    

    (The link can be unstable - at least for me. If it does not show content try switching the release.)

    Since I do not have a personal Splunk version at the moment I cannot provide a working example, but it should be easy enough to reproduce.
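The following is an added example, not the answerer's code, of the form rewritten to use `<done>` on the post-process search and to feed a field from its first result row into the token; the index, sourcetype and field names are placeholders I chose, and the base search keeps raw events (restricted with `fields`) so the post-process query can still compute its own statistics.

```xml
<form version="1.1">
  <label>Token set from a post-process search</label>
  <init>
    <!-- value shown while the searches are still running -->
    <set token="MyToken">Before</set>
  </init>

  <!-- Base search (constructed example: index, sourcetype and fields are
       placeholders). It returns events rather than a transformed result so
       that the post-process search below can run its own stats on them. -->
  <search id="baseSearch">
    <query>index=_internal sourcetype=splunkd | fields component, log_level</query>
    <earliest>-15m</earliest>
    <latest>now</latest>
  </search>

  <!-- Post-process search. <done> fires only when this job has finished and
       exposes job properties ($job.resultCount$) and the first result row
       ($result.<field>$), so the token is set from real results. -->
  <search base="baseSearch" id="post_process_1">
    <query>search log_level=ERROR | stats count by component | sort - count | head 1</query>
    <done>
      <condition match="'job.resultCount' == 0">
        <set token="MyToken">Complete: no errors found</set>
      </condition>
      <condition>
        <set token="MyToken">Complete: $result.component$ ($result.count$ errors)</set>
      </condition>
    </done>
  </search>

  <row>
    <panel>
      <html>Token is: $MyToken$</html>
    </panel>
  </row>
</form>
```

While the jobs are running the panel shows "Before"; the `<done>` handler runs once post_process_1 completes, so the token is never set before the base search has returned.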