Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to make table structure in link format?

aditsss
Motivator
‎07-28-2023 09:36 AM

Hi Team,

I have used below query:

index="abc*" sourcetype=600000304_gg_abs_ipc2 sourcetype = "600000304_gg_abs_ipc2" " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData" source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" |rex " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData totalOutputRecords=(?<totalOutputRecords>), totalInputRecords=(?<totalInputRecords>),busDt=(?<busDt>),fileName=(?<fileName>),totalClosingBal=(?<totalClosingBal>)"|table _time totalOutputRecords totalInputRecords busDt fileName totalClosingBal

I have displayed the result in tabular format as shown below:

I want this to be in hyperlink format Can anyone please guide:

Capture1.PNG

Labels (3)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-28-2023 10:23 PM

Hi @aditsss,

as @richgalloway  said it isn0t clear what you mean with hyperlink.

If you mean that you want to drilldown opening a new search page or dashboard, you have to explore the drilldown feature.

this is a video that explain how to do it: https://www.google.com/search?q=Splunk+dashboard+drilldown&rlz=1C1VDKB_itIT1048IT1048&biw=1920&bih=9...

Ciao.

Giuseppe

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-28-2023 10:11 AM

What do you mean by "hyperlink format"?  What are you linking to?  What do you expect the output to look like?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

aditsss
Motivator
‎07-28-2023 10:50 AM

@richgalloway 

I want to show in link format or some underline format not plane table

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-28-2023 11:45 AM

That response answers none of my questions.  Please help me help you by provided the requested information.

Underlining is performed by the browser when it finds a URL.

Nothing in the example table lends itself to hyperlinking.  There is no domain name to connect to so any links created would be invalid.  They would look like this

https:///?_time=2023-07-06 08:44:06.168&totalOutputRecords=19011600&totalInputRecords=0&busDt=07/25/2023&fileName=SETTLEMENT_TRANSFORM_MERGE&totalClosingBal=8.51272677817E10

URL encoding will fix some of the problems with this link, but the lack of a destination is a non-starter.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

aditsss
Motivator
‎07-28-2023 11:48 AM

@richgalloway 

I want to create one hyperlink on clicking of which it will take to raw logs:

current code:

<row>
<panel>
<table>
<search>
<query>index="abc*" sourcetype=600000304_gg_abs_ipc2 sourcetype = "600000304_gg_abs_ipc2" " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData" source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" |rex " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData totalOutputRecords=(?&lt;totalOutputRecords&gt;), totalInputRecords=(?&lt;totalInputRecords&gt;),busDt=(?&lt;busDt&gt;),fileName=(?&lt;fileName&gt;),totalClosingBal=(?&lt;totalClosingBal&gt;)"|table _time totalOutputRecords totalInputRecords busDt fileName totalClosingBal</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-28-2023 12:19 PM

Now I'm starting to understand the use case.

Normally, a dashboard panel presents data in a simplified form and then offers a drilldown into more specific information.  In this case, the table is the simple form and the drilldown would be to the raw data.  The drilldown is the "hyperlink" you seek.  Data in the table will not be underlined so users would have to be educated about the drilldown's availability (perhaps in the panel description).

<row>
<panel>
<table>
<search>
<query>index="abc*" sourcetype=600000304_gg_abs_ipc2 sourcetype = "600000304_gg_abs_ipc2" " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData" source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" |rex " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData totalOutputRecords=(?&lt;totalOutputRecords&gt;), totalInputRecords=(?&lt;totalInputRecords&gt;),busDt=(?&lt;busDt&gt;),fileName=(?&lt;fileName&gt;),totalClosingBal=(?&lt;totalClosingBal&gt;)"|table _time totalOutputRecords totalInputRecords busDt fileName totalClosingBal</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">all</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<drilldown>
  <link target="_blank">search?q=index="abc*" sourcetype=600000304_gg_abs_ipc2 sourcetype = "600000304_gg_abs_ipc2" " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData" source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" _time=$row._time$ |rex " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData totalOutputRecords=(?&lt;totalOutputRecords&gt;), totalInputRecords=(?&lt;totalInputRecords&gt;),busDt=(?&lt;busDt&gt;),fileName=(?&lt;fileName&gt;),totalClosingBal=(?&lt;totalClosingBal&gt;)" | where (totalOuputRecords=$row.totalOuputRecords$ AND totalInputRecords=$row.totalInputRecords$ AND busDT=$row.busDT$ AND fileName=$row.fileName$ AND totalClosingBal=$row.totalClosingBal$)</link>
</drilldown>
</table>
</panel>
</row>

The drilldown link will have to be URL-encoded, but the dashboard editor UI will do that for you.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-29-2023 12:33 AM

You could add css to make the data appear like a link, but which field would you apply that to?

Here is a solution to another question showing this, but you would have to adapt it to suit your needs

Re: Highlight different values table Column in Spl... - Splunk Community

0 Karma
Reply

aditsss
Motivator
‎07-30-2023 12:53 AM

Hi @richgalloway  @ITWhisperer 

I tried like this below:

<row>
<panel>
<table>
<search>
<query>index="600000304_d_gridgain_idx*" sourcetype=600000304_gg_abs_ipc2 sourcetype = "600000304_gg_abs_ipc2" " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData" source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" |rex " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData totalOutputRecords=(?&lt;totalOutputRecords&gt;), totalInputRecords=(?&lt;totalInputRecords&gt;),busDt=(?&lt;busDt&gt;),fileName=(?&lt;fileName&gt;),totalClosingBal=(?&lt;totalClosingBal&gt;)"|table _time totalOutputRecords totalInputRecords busDt fileName totalClosingBal</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<drilldown>
<link target="_blank">search?q=index="600000304_d_gridgain_idx*" sourcetype = "600000304_gg_abs_ipc2" " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData" source="/amex/app/gfp-settlement-transform/logs/gfp-settlement-transform.log" _time=$row._time$ |rex " AssociationProcessor - compareTransformStatsData : statisticData: StatisticData totalOutputRecords=(?&lt;totalOutputRecords&gt;), totalInputRecords=(?&lt;totalInputRecords&gt;),busDt=(?&lt;busDt&gt;),fileName=(?&lt;fileName&gt;),totalClosingBal=(?&lt;totalClosingBal&gt;)" | where (totalOuputRecords=$row.totalOuputRecords$ AND totalInputRecords=$row.totalInputRecords$ AND busDT=$row.busDT$ AND fileName=$row.fileName$ AND totalClosingBal=$row.totalClosingBal$)</link>
</drilldown>
</table>
</panel>
</row>

I am getting output like this:

Capture4.PNG

But clicking on it its not showing drilldown or raw logs

Could you please guide

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-31-2023 05:17 AM

Two things to try:

1) Run the drilldown query in a search window by itself to verify it works.  Make changes as necessary then transfer the resulting query back to the dashboard.

2) Enter the drilldown query using the Dashboard Editor UI rather than by editing the dashboard source directly.  This will ensure the query is properly encoded.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

aditsss
Motivator
‎07-30-2023 03:45 AM

@ITWhisperer @richgalloway 

Could you please guide here

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...