
    How do I create a custom drill down menu option from the event tab on a specific field value?

    kbcall
    Explorer

    I am looking for a way to create a custom drill down menu option from the Event tab on a specific field value. The example is shown below. When the user clicks on the Execution_ID field value, I would like to add a menu option to "View Execution Error" that would run a dbxquery passing in the Execution_ID value. Is this possible, and if so, can you send me instructions on how?


    0 Karma

    kbcall
    Explorer

    Looks like I may have found a solution. This solution does not add a menu item to the field click but to the Event Actions. Adding to the menu click would be better and easier for our users to navigate with. If anyone knows how to customize that menu, please let me know.


    0 Karma

    tmuth_splunk
    Splunk Employee

    Not sure you can add custom drilldowns from just a search, but you could do this in a dashboard easily. There are examples in the doc here: http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Viz/DrilldownIntro

    You might do it with 2 Dashboards:

    1. The 1st dashboard is just a report like you're showing above that links via drilldown to the 2nd dashboard
    2. The 2nd dashboard has a token on it called exec_id_tok. You will set that token via url from the 1st dashboard.

    The query on the second dashboard might look like:

    | dbxquery connection=some_db query="select * from some_table where execution_id = $exec_id_tok$ "
    
    0 Karma
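
The two-dashboard approach described in the answer above, as an added example that is not code from the original poster or from Splunk. The view id `execution_error`, the `search` app path, the base search and the `safe_exec_id` token are assumptions, as is the premise that execution IDs are digits only; because `exec_id_tok` arrives from the URL and is substituted into the SQL text, the second dashboard hands only a digits-only value to `dbxquery`.

```xml
<!-- Dashboard 1 (hypothetical): clicking an Execution_ID cell opens dashboard 2 -->
<dashboard>
  <row>
    <panel>
      <table>
        <search>
          <!-- placeholder base search; substitute the search behind the report -->
          <query>index=example_index | table _time Execution_ID</query>
        </search>
        <option name="drilldown">cell</option>
        <drilldown>
          <!-- the |u filter URL-encodes the clicked value before it goes into the link -->
          <condition field="Execution_ID">
            <link target="_blank">/app/search/execution_error?form.exec_id_tok=$click.value2|u$</link>
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>

<!-- Dashboard 2 (hypothetical view id: execution_error), saved as a separate view -->
<form>
  <fieldset submitButton="false">
    <input type="text" token="exec_id_tok">
      <label>Execution ID</label>
      <change>
        <!-- assumption: IDs are digits only; any other value never reaches the SQL text -->
        <condition match="match($value$, &quot;^[0-9]+$&quot;)">
          <set token="safe_exec_id">$value$</set>
        </condition>
        <condition>
          <unset token="safe_exec_id"></unset>
        </condition>
      </change>
    </input>
  </fieldset>
  <row>
    <panel depends="$safe_exec_id$">
      <table>
        <search>
          <query>| dbxquery connection=some_db query="select * from some_table where execution_id = $safe_exec_id$"</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

The query runs only once `safe_exec_id` is set, so a hand-edited URL carrying anything other than digits leaves the panel hidden and the database untouched.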