Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I assign dropdown links in a table with events from two sourcetypes where one of them is an inputlookup and the other one is a regular index search?

Aishwaryagirish
Engager
‎08-10-2018 08:13 AM

For example, the table is like this
time description vendor1
time description vendor2
time description vendor1
When I click vendor1-its a regular index based search. But vendor 2, it should go the search based on inputlookup.
Please help. Thanks

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎08-11-2018 01:38 PM

To build on what @dal said, you would do something like this:

| eval _search_str=if(vendor=="vendor1", "vendor1 SPL here", "vendor2 SPL here")

Then reference _search_str in your drilldown.

0 Karma
Reply

DalJeanis
Legend
‎08-10-2018 08:31 PM

You will need to add another, hidden column, which identifies what kind of search it should, and creates the appropriate search language. Here's an answer that describes it a little more fully -

https://answers.splunk.com/answers/26825/drilldown-from-a-hidden-column.html

Presumably there will be more than two vendors in your dropdown, so that method will be the most appropriate. If there were only two, then use radio buttons, and have the radio button set the search language.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...