Heres a 3rd option if its helpful?
This starts off with a hidden panel, clicking on the row in the table sets a token containing the full URL, which unhides the panel and displays the full URL for the clicked row.
<dashboard version="1.1">
<label>Long URL demo (makeresults + hidden full value)</label>
<row>
<panel>
<table>
<search>
<query>| makeresults count=5
| streamstats count
| eval schemes=split("https,https,https,http,http", ",")
| eval hosts=split("alpha.example.com,beta.example.org,gamma.example.net,delta.example.io,epsilon.example.dev", ",")
| eval paths=split("shop/products/42,blog/2024/10/15/welcome,api/v1/users/12345/profile,media/images/2024/10/banner,docs/guides/install/linux", ",")
| eval queries=split("ref=newsletter&utm=fall,?tag=splunk&src=forum,?session=abc123&feature=beta,?size=large&color=blue,?step=1&mode=advanced", ",")
| eval fragments=split("#top,#comments,#details,#preview,#faq", ",")
| eval url_full=mvindex(schemes,count-1)."://".mvindex(hosts,count-1)."/".mvindex(paths,count-1).mvindex(queries,count-1).mvindex(fragments,count-1)
| eval host="web-server-00".count
| eval _full_url=url_full
| eval url_display=if(len(url_full)>60, substr(url_full,1,60)."…", url_full)
| table host url_display _full_url</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">row</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<set token="full_url_token">$row._full_url$</set>
</drilldown>
</table>
</panel>
</row>
<row depends="$full_url_token$">
<panel>
<html>
<h3>Full URL</h3>
<p>$full_url_token$</p>
</html>
</panel>
</row>
</dashboard>🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
Heres a 3rd option if its helpful?
This starts off with a hidden panel, clicking on the row in the table sets a token containing the full URL, which unhides the panel and displays the full URL for the clicked row.
<dashboard version="1.1">
<label>Long URL demo (makeresults + hidden full value)</label>
<row>
<panel>
<table>
<search>
<query>| makeresults count=5
| streamstats count
| eval schemes=split("https,https,https,http,http", ",")
| eval hosts=split("alpha.example.com,beta.example.org,gamma.example.net,delta.example.io,epsilon.example.dev", ",")
| eval paths=split("shop/products/42,blog/2024/10/15/welcome,api/v1/users/12345/profile,media/images/2024/10/banner,docs/guides/install/linux", ",")
| eval queries=split("ref=newsletter&utm=fall,?tag=splunk&src=forum,?session=abc123&feature=beta,?size=large&color=blue,?step=1&mode=advanced", ",")
| eval fragments=split("#top,#comments,#details,#preview,#faq", ",")
| eval url_full=mvindex(schemes,count-1)."://".mvindex(hosts,count-1)."/".mvindex(paths,count-1).mvindex(queries,count-1).mvindex(fragments,count-1)
| eval host="web-server-00".count
| eval _full_url=url_full
| eval url_display=if(len(url_full)>60, substr(url_full,1,60)."…", url_full)
| table host url_display _full_url</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
<option name="drilldown">row</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<set token="full_url_token">$row._full_url$</set>
</drilldown>
</table>
</panel>
</row>
<row depends="$full_url_token$">
<panel>
<html>
<h3>Full URL</h3>
<p>$full_url_token$</p>
</html>
</panel>
</row>
</dashboard>🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
Further to my other reply, if you just want to truncate you could use substr() function:
| eval url_chunked=substr(url_full,0,50)."..."
Full example:
| makeresults count=1
| eval SomeField="Some Value"
| eval host="web-server-001"
| eval url_full="https://example.com/a/very/long/path/that/goes/on/and/on/and/on/until/it/reaches_the/really/really/far/end/adding/more/segments/to/demonstrate/excessive/length/in/this/uri/string/exceeding/every/reasonable/limit/for/display/in/default/table/view"
| eval url_chunked=substr(url_full,0,50)."..."
| fields - url_full🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
Hi @NoSpaces
You can use a REX command with multiple match allowance/limit to chunk the url into the length required, this would then split it across multiple lines, would this help?
| rex max_match=100 field=url_full "(?<url_chunked>[\S]{1,50})"
Full example:
| makeresults count=1
| eval SomeField="Some Value"
| eval host="web-server-001"
| eval url_full="https://example.com/a/very/long/path/that/goes/on/and/on/and/on/until/it/reaches_the/really/really/far/end/adding/more/segments/to/demonstrate/excessive/length/in/this/uri/string/exceeding/every/reasonable/limit/for/display/in/default/table/view"
| rex max_match=100 field=url_full "(?<url_chunked>[\S]{1,50})"
| fields - url_full🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
