All Apps and Add-ons

How do I create a custom drill down menu option from the event tab on a specific field value?

kbcall
Explorer

I am looking for a way to create a custom drill down menu option from the Event tab on a specific field value. The example is shown below. When the user clicks on the Execution_ID field value I would like to add a menu option to "View Execution Error" that would run a dbxquery passing in the Execution_ID value. Is this possible and if so can you send me instructions on how.

alt text

0 Karma

kbcall
Explorer

Looks like I may have found a solution. This solution does not add a menu item to the field click but to the Event Actions. Adding to the menu click would be better and easier for our users to navigate with. If anyone know how to customize that menu please let me know.

alt text

0 Karma

tmuth_splunk
Splunk Employee
Splunk Employee

Not sure you can add custom drilldowns from just a search, but you could do this in a dashboard easily. There are examples in the doc here: http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Viz/DrilldownIntro

You might do it with 2 Dashboards:

  1. The 1st dashboard is just a report like you're showing above that links via drilldown to the 2nd dashboard
  2. The 2nd dashboard has a token on it called exec_id_tok. You will set that token via url from the 1st dashboard.

The query on the second dashboard might look like:

| dbxquery connection=some_db query="select * from some_table where execution_id = $exec_id_tok$ "
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...