Hi Everyone,

Below are my logs:

RID:492e0bd2-d3c4-4d28-a318-c4aee5f4e0-of1-team_a-dmrupload ARC_EL:ARC_1100:  EVENT RECEIVED FROM SOURCE 

This is the RID 492e0bd2-d3c4-4d28-a318-c4aee5f4e0 that I have extracted from the logs:

My search query:

index=ABCns=XYZ app_name=api  22abe6c4-6eaf-4d47-8c4a-79b2594e

 Each RID has gone through  different events like for this RID"22abe6c4-6eaf-4d47-8c4a-79b2594e" as we have seen in the below logs it has gone through the events like "ARC SUCCESSFULLY UPDATED RESPONSE BACK TO SOURCE OR SF" and "ARC SUCCESSFULLY RECEIVED RESPONSE FROM TARGET" etc.

2020-09-30T05:03:34.604056922Z app_name=ABC environment=e1ns=HJ pod_container=api pod_name=deployment-20-lmkq6 message=2020-09-29 22:03:34.602 INFO [blaze-arc-service,,,] 1 --- [ elastic-3] c.a.b.a.c.s.impl.SFCallbackService : RID:22abe6c4-6eaf-4d47-8c4a-79b2594ea612-of1-team_g ARC_EL:ARC_1600: ARC SUCCESSFULLY UPDATED RESPONSE BACK TO SOURCE OR SF

2020-09-30T05:03:34.604056922Z app_name=ABC environment=e1ns=HJ pod_container=api pod_name=deployment-20-lmkq6 message=2020-09-29 22:03:34.602 INFO [blaze-arc-service,,,] 1 --- [ elastic-3] c.a.b.a.c.s.impl.SFCallbackService : RID:22abe6c4-6eaf-4d47-8c4a-79b2594ea612-of1-team_g ARC_EL:ARC_1600: ARC SUCCESSFULLY RECEIVED RESPONSE FROM TARGET

what I want is now when I click on one particular RID suppose as a hyperlink it should open the events and if the RID has gone through the events it should be right tick otherwise cross.

Below are my events:

• ARC EVENT RECEIVED FROM SOURCE 
• ARC FAILED TO INVOKE TARGET END POINT 
• ARC SUCCESSFULLY RECEIVED RESPONSE FROM TARGET 
• ARC FAILED TO RECEIVE RESPONSE FROM TARGET 
• ARC SUCCESSFULLY UPDATED RESPONSE BACK TO SOURCE OR SF 
• ARC FAILED TO UPDATE RESPONSE BACK TO SOURCE OR SF 
• ARC FAILED TO DOWNLOAD FILE FROM SOURCE OR SF 
• ARC S3 UPLOAD FAILED 

Is that possible in splunk?

Can someone guide me on that.