Hi All,

I am trying to work out if this is even possible with drilldowns and forms.

At the end of this post is a very simple form which searches an apache logfile and generates a table of all clientIP addresses. I understand the form is useless as it will cause the table to only show one result. I have just dumbed it down so I can get an answer to the question.

The form allows the user to enter an IP address to restrict by which is then passed onto the search.

Question: Is there a way to setup a drilldown on the table whereby when the user clicks on an IP address it is populated to the form field and the search is performed again?

I have looked through all the advanced XML queries and demos but I cant seem to find one that behaves in this manner. Is it even possible?

    <form class="formsearch">
    <label>Client Details</label>

    <fieldset>
        <input type="text" token="clientIP" searchWhenChanged="false">
            <default>*</default>
        </input>
    <input type="time" searchWhenChanged="false"/>
    </fieldset>

    <row>
        <table>
            <title>Top client IP addresses</title>
            <searchTemplate>index=webserver (sourcetype=access_combined OR sourcetype=vhost_access_combined) clientip="$clientIP$" | top limit=10 clientip</searchTemplate>
        </table>
    </row>
</form>