Knowledge Management

Is it possible to have multiple possibility of drilldown, based on the same field ?

bugnet
Path Finder

hi all,
Is it possible to have multiple possibility of drilldown, based on the same field ?
I have table with a column "source_ip". I need to open a few options when clicking on the source IP address - for example 1.Blocke IP 2.Release IP

My existing drilldown allows me only to open one link.

<drilldown>
           <link>
          http://192.168.1.1/blockscript?ip=$row.source_ip$
            </link>
 </drilldown>

How could I achieve that ?

Tags (1)
0 Karma

bugnet
Path Finder

Not so helpful to me. More ideas?

0 Karma

niketnilay
Legend

Can you add two column to each row of output in your table?

<YourBaseSearchToPrintTableWithSourceIP>
| eval Blocked="Blocked IP"
| eval Source="Source IP"

Then code your drilldown based on which column was clicked and pick up the $row.source_ip$ for both with different base URLs as per your need when a row in either Blocked or Source IP column is clicked.

     <condition field="Blocked">
        <link>
              http://192.168.1.1/blockscript?ip=$row.source_ip$
         </link>
     </condition>
     <condition field="Source">
        <link>
              http://<AnotherURL>?ip=$row.source_ip$
         </link>
     </condition>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

woodcock
Esteemed Legend

Have you looked at workflow actions? Unfortunately these do not work in table visualization panels but they DEFINITELY should (please somebody open an ER).

http://docs.splunk.com/Documentation/SplunkCloud/6.5.1612/Knowledge/CreateworkflowactionsinSplunkWeb

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

<P style=" text-align: center; "><span class="lia-inline-image-display-wrapper lia-image-align-center" ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

<FONT size="5"><FONT size="5" color="#FF00FF">Get the latest news and updates from the Splunk Community ...