Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search drilldown - limited clickability

mhaurosh
Explorer
‎08-10-2012 03:19 AM

we use 'HiddenSearch' with 'ConvertToIntention' to display results from the 2nd search in the same view.

How can we may only the "Lease IP" cell clickable but not other columns?

Below is the view:



      
        sourcetype=ib:dhcp:lease_history index=ib_dhcp_lease_history | rename host as "Member", ACTION as "Action", LEASE_IP as "Lease IP" | table _time, Member, Action, "Lease IP"
    
        
          true
          false
          
            results
            
            all
            
            
                      sourcetype=ib:dhcp:lease_history index=ib_dhcp_lease_history | rename host as "Member", ACTION as "Action", LEASE_IP as "Lease IP" | table _time, Member, Action, "Lease IP"
    


                        
                          addterm
                          
                            $click.value2$
                          
                         


                
                  results
                  
                DHCP Lease History for LEASE IP=$click.value2$
                  
                 


                       
             
         

 
          
          
            addinfo | eval TUPDATE=strftime(info_search_time, "%Y-%m-%d %H:%M:%S %Z")
            
              TUPDATE
              Last Updated:

Thanks!

Michael

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎08-10-2012 12:47 PM

Well if you want to keep using just the core splunk modules, what I recommend is

1) change the "drilldown" param of your table from "all" to "row". This will make the entire row highlight instead of the given cell. This will also make the click.value be the first row of the table, no matter what.

2) You then of course have to reorder the fields with your table command, such that the LEASE IP field is indeed the first column.

If you want to eliminate the need to re-order your fields then you could start using Sideview Utils in your views, because Sideview Utils patches the SimpleResultsTable module so as to output other keys like $click.fields.Lease IP$ so you can use more than just the first column value. You'd also get some side bonuses, like you wouldn't need to use ConvertToIntention anymore.

http://sideviewapps.com/apps/sideview-utils/

Reply

mhaurosh
Explorer
‎08-13-2012 07:43 AM

Sideview Utils is exactly what was needed.
Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives

Splunk Observability Cloud continues to evolve, empowering engineering and operations teams with advanced ...