Knowledge Management

Is it possible to have multiple possibility of drilldown, based on the same field ?

bugnet
Path Finder

hi all,
Is it possible to have multiple possibility of drilldown, based on the same field ?
I have table with a column "source_ip". I need to open a few options when clicking on the source IP address - for example 1.Blocke IP 2.Release IP

My existing drilldown allows me only to open one link.

<drilldown>
           <link>
          http://192.168.1.1/blockscript?ip=$row.source_ip$
            </link>
 </drilldown>

How could I achieve that ?

Tags (1)
0 Karma

bugnet
Path Finder

Not so helpful to me. More ideas?

0 Karma

niketn
Legend

Can you add two column to each row of output in your table?

<YourBaseSearchToPrintTableWithSourceIP>
| eval Blocked="Blocked IP"
| eval Source="Source IP"

Then code your drilldown based on which column was clicked and pick up the $row.source_ip$ for both with different base URLs as per your need when a row in either Blocked or Source IP column is clicked.

     <condition field="Blocked">
        <link>
              http://192.168.1.1/blockscript?ip=$row.source_ip$
         </link>
     </condition>
     <condition field="Source">
        <link>
              http://<AnotherURL>?ip=$row.source_ip$
         </link>
     </condition>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

woodcock
Esteemed Legend

Have you looked at workflow actions? Unfortunately these do not work in table visualization panels but they DEFINITELY should (please somebody open an ER).

http://docs.splunk.com/Documentation/SplunkCloud/6.5.1612/Knowledge/CreateworkflowactionsinSplunkWeb

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...