Hello Splunksters,

I would like to select a row in my table and have it open a new panel under the originating panel with another output table only using the selected row criteria. How could I make this happen?

Currently, I see posts about dynamic -drill downs sending to template pages external pages, etc. I also see drill-down updating chart criteria in the docs and "answers" posts.. nothing helps me with my use case, using the tables.

Here is the originating panel code I am working with:

    <panel>
      <title>Activity</title>
      <table>
        <title>Activity</title>
        <search>
          <query>index="main" eventtype="special" NOT tag::eventtype=noise |  sort - _time|  table _time src_ip user name field</query>
          <earliest>$field3.earliest$</earliest>
          <latest>$field3.latest$</latest>
        </search>
        <option name="count">10</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">row</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">preview</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">false</option>
      </table>
    </panel>

I would like the "destination" "drop-down" panel to output to the same format table, simply with data comprised of the originating selection.

Thanks much for the help!!

(Simple XML is throwing me for a loop) 😉