How do I create a custom drill down menu option from the event tab on a specific field value?

kbcall
Explorer

I am looking for a way to create a custom drill down menu option from the Event tab on a specific field value. The example is shown below. When the user clicks on the Execution_ID field value, I would like to add a menu option to "View Execution Error" that would run a dbxquery passing in the Execution_ID value. Is this possible, and if so, can you send me instructions on how?

0 Karma

kbcall
Explorer

Looks like I may have found a solution. This solution does not add a menu item to the field click but to the Event Actions. Adding to the menu click would be better and easier for our users to navigate with. If anyone knows how to customize that menu, please let me know.

0 Karma

tmuth_splunk
Splunk Employee

Not sure you can add custom drilldowns from just a search, but you could do this in a dashboard easily. There are examples in the doc here: http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Viz/DrilldownIntro

You might do it with 2 Dashboards:

  1. The 1st dashboard is just a report like you're showing above that links via drilldown to the 2nd dashboard
  2. The 2nd dashboard has a token on it called exec_id_tok. You will set that token via url from the 1st dashboard.

The query on the second dashboard might look like:

| dbxquery connection=some_db query="select * from some_table where execution_id = $exec_id_tok$ "
0 Karma
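
The two-dashboard approach from the answer above, written out as Simple XML. This is an added example, not part of the original posts and not Splunk's own code. The app name (search), the dashboard ids (execution_report, execution_error), the index and the Status field are assumptions; some_db, some_table and exec_id_tok are the names used in the answer.

```xml
<!-- Dashboard 1 (assumed id: execution_report). The index and field list are assumptions. -->
<dashboard>
  <label>Execution Report</label>
  <row>
    <panel>
      <table>
        <search>
          <query>index=some_index | table _time Execution_ID Status</query>
          <earliest>-24h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">cell</option>
        <drilldown>
          <!-- Only clicks in the Execution_ID column follow the link.
               |u URL-encodes the clicked value before it goes into the query string. -->
          <condition field="Execution_ID">
            <link target="_blank">/app/search/execution_error?form.exec_id_tok=$click.value2|u$</link>
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>

<!-- Dashboard 2 (assumed id: execution_error), saved as a separate view.
     form.exec_id_tok in the URL fills the text input, which sets the exec_id_tok token.
     The token is substituted into the SQL text as-is, and the URL can be edited by
     hand, so the DB Connect identity behind some_db should be read-only and limited
     to the tables this view needs. -->
<form>
  <label>Execution Error</label>
  <fieldset submitButton="false">
    <input type="text" token="exec_id_tok">
      <label>Execution ID</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>| dbxquery connection=some_db query="select * from some_table where execution_id = $exec_id_tok$"</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```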