Is there any way to use xml to add more custom URL...

karu0711 · ‎10-31-2022

In my dashboard I need to add multiple custom URL but Drilldown only allow me to add one custom url. Is there any way I can use xml to add more Custom URL. Below are my xml code.

[ <row>
<panel>
<table>
<search>
<query>index="main" sourcetype="cisco.json" findings{}.issue_type=* findings{}.cwe_id=* findings{}.severity=*
| table findings{}.severity findings{}.cwe_id findings{}.issue_type findings{}.flaw_details_link
| rename findings{}.severity as Severity1,findings{}.cwe_id as CWE_ID1,findings{}.issue_type AS Name1 findings{}.flaw_details_link AS "More_Info"
| eval Severity = mvdedup(Severity1)
| eval CWE_ID = mvdedup(CWE_ID1)
| eval Name = mvdedup(Name1) | eval More Info = mvdedup(More_Info)
| table Severity CWE_ID Name "More Info"</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">50</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<drilldown>
<link target="_blank">https://downloads.cisco.com/securityscan/cwe/v4/xmla/78.html</link>
</drilldown>
</table>
</panel>
</row> ]

johnhuang · ‎10-31-2022

You can utilize condition match to set the link target.

https://kinneygroup.com/blog/mastering-splunk-drilldowns-with-conditions/

Is there any way to use xml to add more custom URL?

dashboard

drilldown

simple XML

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?