https://community.splunk.com/t5/Security/Creating-a-custom-SOC-monitoring-dashboard-using-triggered/m-p/545213#M12173 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="aferns0804_0-1616613803021.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/13468i83CD6E8493440D61/image-size/medium?v=v2&amp;px=400" role="button" title="aferns0804_0-1616613803021.png" alt="aferns0804_0-1616613803021.png" /></span></P><P>I have this panel which keeps updating with new alerts(query posted in my earlier post). When I click on the alert, it should show me events on the same dashboard.&nbsp;</P><P>&nbsp;</P> Wed, 24 Mar 2021 19:40:28 GMT aferns0804 2021-03-24T19:40:28Z https://community.splunk.com/t5/Security/Creating-a-custom-SOC-monitoring-dashboard-using-triggered/m-p/545188#M12165 <P>index=_audit action=alert_fired ss_app="Threats_App"<BR />| eval ttl=expiration-now()<BR />| search ttl&gt;0<BR />| convert ctime(trigger_time)<BR />| sort - trigger_time<BR />| table trigger_time ss_name severity<BR />| rename trigger_time as "Alert Time" ss_name as "Alert Name" severity as "Severity"</P><P>I created a dashboard, panel with above query in it. It is looking for triggered alerts from my app. I want to display the results(stats) of the triggered alerts in a different panel below that in the same dashboard.&nbsp;</P><P>so its like " here are the alerts fired and when u click the alert name, it shows the stats(results) of that alert. Implementing this , I can see multiple alerts and the results of those alerts in the same dashboard"&nbsp;</P><P>I do not want to install additional apps, so please help me with this query only. Please do not suggest apps for a simple solution. Thanks&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 24 Mar 2021 17:11:39 GMT https://community.splunk.com/t5/Security/Creating-a-custom-SOC-monitoring-dashboard-using-triggered/m-p/545188#M12165 aferns0804 2021-03-24T17:11:39Z https://community.splunk.com/t5/Security/Creating-a-custom-SOC-monitoring-dashboard-using-triggered/m-p/545197#M12166 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/232662">@aferns0804</a>&nbsp;,</P><P>I understand 50% of your question, but I did not get what you are referring the result(stats) of the alert means?<BR /><BR />To implement the concept, you can use the drildown option for the respective panel to populate the token value and create a another panel which will use this token as input in the query.</P> Wed, 24 Mar 2021 17:59:43 GMT https://community.splunk.com/t5/Security/Creating-a-custom-SOC-monitoring-dashboard-using-triggered/m-p/545197#M12166 impurush 2021-03-24T17:59:43Z https://community.splunk.com/t5/Security/Creating-a-custom-SOC-monitoring-dashboard-using-triggered/m-p/545213#M12173 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="aferns0804_0-1616613803021.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/13468i83CD6E8493440D61/image-size/medium?v=v2&amp;px=400" role="button" title="aferns0804_0-1616613803021.png" alt="aferns0804_0-1616613803021.png" /></span></P><P>I have this panel which keeps updating with new alerts(query posted in my earlier post). When I click on the alert, it should show me events on the same dashboard.&nbsp;</P><P>&nbsp;</P> Wed, 24 Mar 2021 19:40:28 GMT https://community.splunk.com/t5/Security/Creating-a-custom-SOC-monitoring-dashboard-using-triggered/m-p/545213#M12173 aferns0804 2021-03-24T19:40:28Z