I am trying to work out if this is even possible with drilldowns and forms.
At the end of this post is a very simple form which searches an apache logfile and generates a table of all clientIP addresses. I understand the form is useless as it will cause the table to only show one result. I have just dumbed it down so I can get an answer to the question.
The form allows the user to enter an IP address to restrict by which is then passed onto the search.
Question: Is there a way to setup a drilldown on the table whereby when the user clicks on an IP address it is populated to the form field and the search is performed again?
I have looked through all the advanced XML queries and demos but I cant seem to find one that behaves in this manner. Is it even possible?
There was a very similar question recently and I advised the asker to download Sideview Utils and check out how it's done using those modules to augment the core Splunk modules. This is a pretty core use case of Sideview Utils, and the ability to drilldown and prepopulate elements in form search views is one of the main reasons I created the framework.