- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- How to drill down/ launch another search with para...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to drill down/ launch another search with parameter from results table in dashboard?
Hi all. I have a advanced XML dashboard that shows me a table with some results from an web server access log search. When I click on a row, i want Splunk to open a new window and start a new search with a parameter from the search in the dashboard. More specifically, i want the new search to use the IP that I found in the base search and search in another type of log for that ip at the specific time. How can I achieve this (preferrably in a simple way)? This is mi first try, but the second search does not yet take the ip in consideration... Also the timerange needs to be changed, so that i find events that happen slightly before that log event. It would be cool if I simply could write something like
sourcetype="WebAuthLog" type="Login" ip=%ip% latest="%_time%" earliest="%_time%-1h"
So here is my code:
<view template="dashboard.html">
<label>Test Dashboard</label>
<module name="AccountBar" layoutPanel="appHeader"/>
<module name="AppBar" layoutPanel="navigationHeader"/>
<module name="Message" layoutPanel="messaging">
<param name="filter">*</param>
<param name="clearOnJobDispatch">False</param>
<param name="maxSize">1</param>
</module>
<module name="HiddenSearch" layoutPanel="panel_row2_col1" autoRun="True">
<param name="search">sourcetype="W3CAccessLogAdapter" method="POST" uri="/"</param>
<module name="TimeRangePicker">
<param name="searchWhenChanged">True</param>
<module name="Paginator">
<param name="entityName">events</param>
<param name="count">50</param>
<module name="SimpleResultsTable">
<param name="displayRowNumbers">true</param>
<param name="drilldown">row</param>
<param name="entityName">events</param>
<param name="fields">clientip, req_time</param>
<module name="HiddenSearch" layoutPanel="panel_row2_col1" autoRun="True">
<param name="search">sourcetype="WebAuthLog" type="Login" </param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
<param name="popup">true</param>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</view>
Thanks and best regards
Nicolas
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried creating another HiddenSearch module before your ViewRedirector. This should pass your click value down to that hidden search which will output to a new window with the view redirector.
For the time part need to play around a little.
travis.
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
