Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to drilldown link to compose a message passed the clicked value to the recipient field

johnward4
Communicator
‎10-29-2018 10:51 AM

I have a dashboard for my ticketing system. Main panel shows a Timechart span=1mon for tickets by category (past 6 months). I have a drilldown panel to show me the top users for each category within the month you select.

In this drilldown panel, I have a table that shows .... User, Manager_Email, Count

I'm asking how can I add a drilldown on the Manager_Email field to send an email passing this field value as the recipient. Extra would be to Add a default subject line and pass the User field there, e.g. $selectUser$ has generated $selectCount$ tickets for $selectCategoryName$.

Main Panel Query : 

index=ticketsys TicketID=* sourcetype="tickets"
| dedup TicketID 
| timechart span=1mon count by CategoryName useother=f usenull=f

Drilldown to Top Users by User for Month : 

index=ticketsys TicketID=* CategoryName="$selectCatName$" sourcetype="tickets"  
| eval srchMonth=strftime(_time,"%m") 
| search srchMonth=$selectTime$
| dedup TicketID 
| stats count by CategoryName, contact, ManagerUsername
| strcat ManagerUsername "@gmail.com" Manager_Email
| rename contact as Requester 
| head 10
| table CategoryName, Requester, Manager_Email, count
| sort - count
0 Karma
Reply

renjith_nair
Legend
‎10-29-2018 10:58 PM

@johnward4,
You shall try using drilldown 'search' to send a mail using sendmail command if that works for you.

Select drilldown from the table and link to search. use custom search and use the tokens inside 

|makeresults| sendemail to=example@splunk.com server=mail.example.com subject="Information about ticket count generated by $selectUser$" message=" $selectUser$ has generated $selectCount$ tickets for $selectCategoryName$."

http://docs.splunk.com/Documentation/Splunk/7.2.0/Viz/DrilldownLinkToSearch

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...