Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Is it possible to have multiple possibility of drilldown, based on the same field ?

bugnet
Path Finder
‎04-23-2017 03:05 AM

hi all,
Is it possible to have multiple possibility of drilldown, based on the same field ?
I have table with a column "source_ip". I need to open a few options when clicking on the source IP address - for example 1.Blocke IP 2.Release IP

My existing drilldown allows me only to open one link.

<drilldown>
           <link>
          http://192.168.1.1/blockscript?ip=$row.source_ip$
            </link>
 </drilldown>

How could I achieve that ?

Tags (1)
0 Karma
Reply

bugnet
Path Finder
‎04-25-2017 11:29 PM

Not so helpful to me. More ideas?

0 Karma
Reply

niketn
Legend
‎04-23-2017 09:04 PM

Can you add two column to each row of output in your table?

<YourBaseSearchToPrintTableWithSourceIP>
| eval Blocked="Blocked IP"
| eval Source="Source IP"

Then code your drilldown based on which column was clicked and pick up the $row.source_ip$ for both with different base URLs as per your need when a row in either Blocked or Source IP column is clicked.

     <condition field="Blocked">
        <link>
              http://192.168.1.1/blockscript?ip=$row.source_ip$
         </link>
     </condition>
     <condition field="Source">
        <link>
              http://<AnotherURL>?ip=$row.source_ip$
         </link>
     </condition>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

woodcock
Esteemed Legend
‎04-23-2017 03:32 PM

Have you looked at workflow actions? Unfortunately these do not work in table visualization panels but they DEFINITELY should (please somebody open an ER).

http://docs.splunk.com/Documentation/SplunkCloud/6.5.1612/Knowledge/CreateworkflowactionsinSplunkWeb

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...