Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Problems to drill down Windows path

gfreitas
Builder
‎02-07-2014 12:47 PM

Hi people I'm having some issues in a chart drill down that has Windows paths (like: C:\Users\Administrator). When I click in the windows paths to drill down it passes to the next dashboard the variable of the windows path (C:\Users\Administrator) and the search of the next dashboard cannot find any data since splunk search must double back slash to search properly.
If I do a search like: "sourcetype=src1 path="C:\Users\Administrator"" I cannot find any results, but If I search using this: "sourcetype=src1 path:"C:\\Users\\Administrator"" I can find the results. Is there any automatic way to transforms this single back slash into two back slashes (\\) maybe using eval.
Here are some data that may help you understand better:

Log:
date=10:16:08.000 AM 2/7/2014 10:16:08 path="C:\Users\Administrator" file=file.exe risk=High
date=10:12:33.000 AM 2/7/2014 05:39:28 path="C:\Users\Administrator" file=blocker.exe risk=High

Can someone help me?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

gfreitas
Builder
‎02-07-2014 01:06 PM

I found how:

instead of doing all in the same search string, I must pipe it to where and trim the directory

| where path=rtrim("$dir$ ")

View solution in original post

Reply
Solved! Jump to solution

afsalkh
New Member
‎03-12-2020 04:21 AM

How to achieve this if I want to navigate to a folder path
Consider the result of splunk query
Name| path
Path1 | \abc\p1
Path2 | \abc\p2

I want to click and navigate to the paths .

For weburls i can achieve using $click.value2|n$
But in the case of folders and shared paths how to achieve this???

0 Karma
Reply
Solved! Jump to solution
Solution

gfreitas
Builder
‎02-07-2014 01:06 PM

I found how:

instead of doing all in the same search string, I must pipe it to where and trim the directory

| where path=rtrim("$dir$ ")

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...