Hi,
Looking this documentation, you should be able to create a workflow.
http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Knowledge/CreateworkflowactionsinSplunkWeb
- Navigate to Settings > Fields > Workflow actions.
- Click New to create a workflow action.
- For the Destination App, select search.
- For Name, type: get_whois_info
- For Label, type: Get info for IPaddress: $src_ip$
- For Apply only to the following fields, type: src_ip
- For Action type, make sure link is selected.
- For URI, type: https://www.tcpiputils.com/browse/ip-address/$src_ip$
- From the Open link in drop down menu, make sure New window is selected.
- From the Link Method drop down menu, make sure get is selected.
- Save your workflow action.
- Verify your workflow action works as expected. Return to the Search & Reporting app and search for
sourcetype="" src_ip="" over the last 4 hours.
- Expand the first event and click Event Actions.
- Click Get info for IPaddress: {src_ip}.
A secondary browser window should open to the URI and display the IP address information.
I'm not exactly sure how this should be add to Dashboard.
Maybe this can be helpful.
G