Solved: Re: Specify drill down search

paddy3883 · ‎10-19-2012

I'm relatively new to Splunk and am creating a new view to display the average timings of certain events over the past 5 mins. I've created a macro search to carry out the search which takes two parameters (transaction name and duration to search), so in my first panel this is EVENT_*_LOGIN and -5m. The view currently displays a simple table of results per distinct event name.

What I would like to do is when a user clicks on a particular row it will drill down to timeline view of all events for that transaction over the past 4 hours. Is there a way to specify the information a click or drill down displays?

Apologies if this vague, please message me if more info. needed.

paddy3883 · ‎10-22-2012

I found the way to do this within the Advanced XML documentation

View solution in original post

paddy3883 · ‎10-22-2012

I found the way to do this within the Advanced XML documentation

paddy3883 · ‎11-29-2012

Hi yes I think it is, I asked the query during my initial learnings of Splunk. http://docs.splunk.com/Documentation/Splunk/latest/Viz/Dynamicdrilldownindashboardsandforms might prove useful

smolcj · ‎11-29-2012

is it possible to do it in simple xml?

Specify drill down search

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector