Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a drilldown to run a new search from clicking an item on a table?

aferone
Builder
‎04-07-2016 07:21 AM

I looked through the docs and other Splunk Answers, but it still isn't making sense to me, so please bear with me. 🙂

I have a simple "top" chart on a dashboard that lists web categories, their count, and percentage. I would like to be able to click on one of those categories and open a new search, in a new window (or tab), and insert that clicked category into a new search like this:

index=index type=type subtype=subtype action=action category=**CLICKED CATEGORY** | table _time srcip level dstip SourceZone reqtype service hostname url referralurl sentbyte rcvdbyte action msg catdesc crscore crlevel

How would I go about doing this?

Thanks for your continued, great help!

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎04-07-2016 09:35 AM

Here is some good documentation on this.

http://docs.splunk.com/Documentation/Splunk/6.0.2/Viz/Dynamicdrilldownindashboardsandforms

Basically, you will need to add a <drilldown target="_blank"> tag to your xml, something like this

    <drilldown target="_blank">
      <link>/app/search/search?q=search%20index%3D_internal%20sourcetype%3Dsplunkd%20log_level%3D$row.log_level$</link>
    </drilldown>

View solution in original post

Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎04-07-2016 09:35 AM

Here is some good documentation on this.

http://docs.splunk.com/Documentation/Splunk/6.0.2/Viz/Dynamicdrilldownindashboardsandforms

Basically, you will need to add a <drilldown target="_blank"> tag to your xml, something like this

    <drilldown target="_blank">
      <link>/app/search/search?q=search%20index%3D_internal%20sourcetype%3Dsplunkd%20log_level%3D$row.log_level$</link>
    </drilldown>
Reply
Solved! Jump to solution

aferone
Builder
‎04-07-2016 09:48 AM

Thanks for the answer! But how would I setup the link to a normal search like the example I have above?

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎04-07-2016 10:13 AM

You can basically use any URL encoder online tool to transform your query

Query that needs to be run:

 index=index type=type subtype=subtype action=action category=**CLICKED CATEGORY** | table _time srcip level dstip SourceZone reqtype service hostname url referralurl sentbyte rcvdbyte action msg catdesc crscore crlevel

URL Encoded search:

index%3Dindex+type%3Dtype+subtype%3Dsubtype+action%3Daction+category%3D%24row.category%24+%7C+table+_time+srcip+level+dstip+SourceZone+reqtype+service+hostname+url+referralurl+sentbyte+rcvdbyte+action+msg+catdesc+crscore+crlevel

OR can use this runanywhere splunk search do that

| gentimes start=-1 | eval url=urlencode("Enteryourfullsearch here. escaping of double quotes would be required")
0 Karma
Reply
Solved! Jump to solution

aferone
Builder
‎04-07-2016 10:11 AM

I actually got it working. Thanks for the help!

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...