Dashboards & Visualizations

Custom Results View

MatthewTowey
Path Finder

Hi

When I search for a result I want to be able to select a single result and view it in a custom view i.e I search for "blank" and get 100 results. When I select a result from the results table I see a view with only the result I selected and information about this result.

Just wondering if this is possible using the advanced XML as I have never had to use XML before, any help or questions to explain the request more are welcomed

Thanks in advance
Mat

sideview
SplunkTrust
SplunkTrust

You may want to check out Sideview Utils. You can either get the older 1.3 version free from Splunkbase, or get a 90 day trial of the new 2.0 version from the Sideview site.

As for what the benefit is here for this use case, the short short version is that it's a lot more intuitive. a) you wont have to use intentions, or think about intentions, and b) you can use the Redirector module to pass the clicked value from the first view to the second view, and you can use that $myClickedUponRowValue$ token in the second view however you want.

For the long version, I'd pull down the app, either the newer or the older version, and then open the app in your browser. You'll see it has tons of documentation and examples. You should read through all of it, but there are several pages about these areas -- linking from view to view, prepopulating UI elements in the target view, and using the Redirector and URLLoader modules.

araitz
Splunk Employee
Splunk Employee

Yes, absolutely possible. This is off the top of my head, so excuse any typos or errors





*
False
1


dashboard


<!-- This is the search you use to populate the table -->
index=_internal | timechart count by source
-1h

results
<!-- setting drilldown to 'row' means 'use the value in the first column' -->
row

<!-- This is the search you want to send on to the next view, aka the drilldown search -->
index=_internal


<!-- This part says 'add the term "source=" plus whatever value was clicked above to the drilldown search -->
addterm

$click.value$


<!-- Roll 'em up! This will send the new search to the 'flashtimeline' view -->

flashtimeline





This post has more information on the ConvertToIntention module:

http://splunk-base.splunk.com/answers/41366/drilldown-clickvalue-isnt-being-replaced

araitz
Splunk Employee
Splunk Employee

Yes, take the code above and put it in a new view, either through Manager > User Interface > Views > New or by pasting it in to a file in $SPLUNK_HOME/etc/apps/<your_app>/default/data/ui/views/. If you put a reference to it in $SPLUNK_HOME/etc/apps/<your_app>/default/data/ui/nav/default.xml, it will show up in the nav bar.

0 Karma

MatthewTowey
Path Finder

Hi araitz
Thanks for the response
Sorry for my complete beginner experience but your going to have to hold my hand a little here does this code that you have written go into it's own xml file in $Splunk\etc\apps<my app>\default\data\ui\views and then do I reference it in the $Splunk\etc\apps\Matt\default\data\ui\nav default.xml ???

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...