Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to pass the username of a logged in user to a drilldown link?

cse9423
Explorer
‎09-30-2015 09:10 PM

Hello,

I want to pass logged-in user name in a drilldown link. I have a search to fetch the logged-in user, but I don't know how to pass in a drilldown.

<panel>
  <table>
    <title>result </title>
    <search>
      <query> index=main sourcetype=log2 | table field1, field2 </query>
    </search>
    <drilldown target="Status">
      <link>http://mylink?value=$click.value$&username=???????need to pass logged-in user name????????</link>
    </drilldown>         
  </table>
</panel>

This search provides the logged-in user: 

<query> | rest splunk_server=local /services/authentication/current-context | table username </query>
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-01-2015 07:39 AM

You can achieve it like this (will work on any splunk instance)

Steps done:
1) Added a field called username to all the rows of the table using current user query.
2) Used fields tag to specify what columns will be displayed on table (basically remove username from display). The hidden field will still be available with token $row.fieldname$
3) updated to drilldown to use username from the table rows.

<dashboard>
  <label>tobedeleted</label>
  <row>
    <panel>
      <table>
        <search>
          <query>| tstats min(_time) as _time WHERE index=_* by sourcetype | eval username=[| rest splunk_server=local /services/authentication/current-context | table username | eval username="\"".username."\"" | return $username]</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">row</option>
        <option name="count">10</option>
        <drilldown target="new window">
          <link>http://www.google.com?loguser=$row.username$&amp;valuefield=$click.value$</link>
        </drilldown>
        <fields>["sourcetype","_time"]</fields>
      </table>
    </panel>
  </row>
</dashboard>

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-01-2015 07:39 AM

You can achieve it like this (will work on any splunk instance)

Steps done:
1) Added a field called username to all the rows of the table using current user query.
2) Used fields tag to specify what columns will be displayed on table (basically remove username from display). The hidden field will still be available with token $row.fieldname$
3) updated to drilldown to use username from the table rows.

<dashboard>
  <label>tobedeleted</label>
  <row>
    <panel>
      <table>
        <search>
          <query>| tstats min(_time) as _time WHERE index=_* by sourcetype | eval username=[| rest splunk_server=local /services/authentication/current-context | table username | eval username="\"".username."\"" | return $username]</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">row</option>
        <option name="count">10</option>
        <drilldown target="new window">
          <link>http://www.google.com?loguser=$row.username$&amp;valuefield=$click.value$</link>
        </drilldown>
        <fields>["sourcetype","_time"]</fields>
      </table>
    </panel>
  </row>
</dashboard>
Reply
Solved! Jump to solution

cse9423
Explorer
‎10-01-2015 12:58 PM

Thanks. This works.

0 Karma
Reply
Solved! Jump to solution

tom_frotscher
Builder
‎10-01-2015 12:30 AM

Hi,

$click.value$ is the leftmost value of your table. $click.value2$ is the value you clicked on. You can also use $row.fieldname$, where fieldname is the column of your table you want the value from.

So in your case try it with $row.username$

Greetings

Tom

Reply
Solved! Jump to solution

cse9423
Explorer
‎10-01-2015 06:23 AM

Tom, Thanks for your reply. Somehow it doesn't work for me. This is how i have.

  <panel>
  <table>
    <title>User current</title>
    <search>
      <query> | rest splunk_server=local /services/authentication/current-context | table username </query>
    </search>
    <option name="wrap">true</option>
    <option name="rowNumbers">false</option>
    <option name="drilldown">cell</option>
    <option name="dataOverlayMode">none</option>
    <option name="count">10</option>
  </table>
</panel>



<panel>
  <table>
    <title>function</title>
    <search>
      <query> index=main sourcetype=log | table field1, field2 </query>
    </search>
    <drilldown target="new window">
      <link>http://www.site1.com?valuefield=$click.value$&amp;loguser=$row.username$</link>
    </drilldown>         
  </table>
</panel>
0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...