Splunk Search

ConvertToIntention within ConvertToIntention

MatthewTowey
Path Finder

Hi

I would like to add 2 arguments to a search from the results table. This is the code that I have tried to work on. Any help, please?

<module name="ResultsHeader" layoutPanel="resultsHeaderPanel" group="splIcon-results-table" altTitle="Table">
  <param name="entityLabel">results</param>
  <param name="entityLabelSingular">result</param>
  <param name="entityName">results</param>
  <module name="Export" layoutPanel="pageControls">
    <param name="exportType">result</param>
  </module>
  <module name="EnablePreview" group="show" layoutPanel="resultsOptions">
    <param name="enable">True</param>
    <module name="Paginator" layoutPanel="pageControls">
      <param name="entityName">results</param>
      <param name="maxPages">10</param>
      <module name="RowNumbers" layoutPanel="resultsOptions">
        <module name="DataOverlay" layoutPanel="resultsAreaLeft">
          <module name="SimpleResultsTable" layoutPanel="resultsAreaLeft">
            <param name="entityName">results</param>
            <param name="drilldown">all</param>
            <module name="ConvertToIntention">
              <param name="intention">
                <param name="name">addterm</param>
                <param name="arg">
                  <param name="source">$click.value$</param>
                </param>  
              </param>
              <module name="ConvertToIntention">
                <param name="intention">
                  <param name="name">addterm</param>
                  <param name="arg2">
                    <param name="source">$click2.value$</param>
                  </param>  
                </param>
                <module name="ViewRedirector">
                  <param name="viewTarget">YourView2</param>
                  <param name="popup">True</param>
                </module>
              </module>
            </module>
          </module>
          <module name="Paginator" layoutPanel="resultsAreaLeft">
            <param name="entityName">results</param>
            <param name="maxPages">10</param>
          </module>
        </module>
      </module>
    </module>
  </module>
</module>
0 Karma

vgnoc
Explorer

Hi,
Below is the output from the device
Oct 3 09:45:28 172.18.1.221 Website=xxx:80 ClientIP=xxx.xxx.xxx.235 HTTP_Method=POST URL="/" HTTP_Version=HTTP/1.1 User_Agent=Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 HTTP_Referer="http://xxxx/" Request_Start_Time=2012/10/03 09:46:15 Request_Length=1424 Request_Elapsed_Time=26 Server=xxx.xxx.xxx.xxx:80 HTTP_Status=302 Response_Start_Time=2012/10/03 09:46:15 Response_Length=147

The search then picks up the ClientIP, dedups it so I know how many individual clients there are, and then locates them in the world using geoip. The table I generate with the above will then list clients per country, but ideally I would like to drill down into the table and get the IPs for clients in that country.

Any help greatly appreciated.
Keith

0 Karma

MatthewTowey
Path Finder

02 May 2012 08:14:31:411 INFO [Fix message assembler] in.FMRFIBOOM_BLPUS - <13 NewOrderSingle (8=FIX.4.4|9=123|35=D|56=BLPUS|49=FMRFIBOOM|52=20120502-12:14:31|34=15|54=8|55=IBM|38=15200|44=27|11=Order8|21=2|60=20120502-12:14:31|40=7|10=118|)
This is an example log entry. I want to select both 56= and 49=.
The search string has not been specified yet! I have seen an example or two where the clicks were replacing specific fields, e.g. a user name and associated IP for that logon, but at the moment I've just been requested to provide a 2-click selection on a universal search! Hope that makes more sense!

0 Karma

araitz
Splunk Employee

Can you describe in more detail what the search looks like, what the results look like, and the problems you are having with the drilldown? I can't tell that from the code sample you have provided above (thanks for the code, though!).

0 Karma