https://community.splunk.com/t5/Dashboards-Visualizations/Perform-GET-or-POST-action-depending-on-table-value/m-p/524636#M35549 <P>Hi all. I am generating a dashboard table containing possible indicators of compromise observed on a network. Included in the search that generates the table is...</P><P><BR />| eval ActionText=if('model'="Watchlisted domain","Check on Virus Total",(mvappend("Check on Virus Total","Add to Watchlist")))<BR /><BR /></P><P>Along with the rest of the search I end up with a table like this...</P><P>... | IoC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| ... | model&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| ActionText&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| ... | ...</P><P>-------------------------------------------------------------------------------------</P><P>... | &lt;domain&gt; | ... | Watchlisted domain | Check on Virus Total | ... | ...&nbsp;</P><P>... | &lt;domain&gt; | ... | Suspicious domain&nbsp; &nbsp;|&nbsp;Check on Virus Total | ... | ...</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Add to Watchlist&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</P><P>... | &lt;domain&gt; | ... | Watchlisted domain | Check on Virus Total | ... | ...&nbsp;</P><P>&nbsp;</P><P>I would like to configure a drilldown so that clicking on "Check on Virus Total" in the table will perform a GET request using the IoC field as a token, and a POST action to an internal API when I click on "Add to Watchlist", again using the IoC from the corresponding row/event.</P><P>Any ideas for a starting point?</P> Wed, 14 Oct 2020 13:54:23 GMT Dworsnop 2020-10-14T13:54:23Z https://community.splunk.com/t5/Dashboards-Visualizations/Perform-GET-or-POST-action-depending-on-table-value/m-p/524636#M35549 <P>Hi all. I am generating a dashboard table containing possible indicators of compromise observed on a network. Included in the search that generates the table is...</P><P><BR />| eval ActionText=if('model'="Watchlisted domain","Check on Virus Total",(mvappend("Check on Virus Total","Add to Watchlist")))<BR /><BR /></P><P>Along with the rest of the search I end up with a table like this...</P><P>... | IoC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| ... | model&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| ActionText&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| ... | ...</P><P>-------------------------------------------------------------------------------------</P><P>... | &lt;domain&gt; | ... | Watchlisted domain | Check on Virus Total | ... | ...&nbsp;</P><P>... | &lt;domain&gt; | ... | Suspicious domain&nbsp; &nbsp;|&nbsp;Check on Virus Total | ... | ...</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Add to Watchlist&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</P><P>... | &lt;domain&gt; | ... | Watchlisted domain | Check on Virus Total | ... | ...&nbsp;</P><P>&nbsp;</P><P>I would like to configure a drilldown so that clicking on "Check on Virus Total" in the table will perform a GET request using the IoC field as a token, and a POST action to an internal API when I click on "Add to Watchlist", again using the IoC from the corresponding row/event.</P><P>Any ideas for a starting point?</P> Wed, 14 Oct 2020 13:54:23 GMT https://community.splunk.com/t5/Dashboards-Visualizations/Perform-GET-or-POST-action-depending-on-table-value/m-p/524636#M35549 Dworsnop 2020-10-14T13:54:23Z