Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

ConvertToIntention within ConvertToIntention

MatthewTowey
Path Finder
‎06-13-2012 08:44 AM

Hi

I would like to add 2 arguments to a search from the results table this is the code that I have tried to work on. Any Help please?

<module name="ResultsHeader" layoutPanel="resultsHeaderPanel" group="splIcon-results-table" altTitle="Table">
  <param name="entityLabel">results</param>
  <param name="entityLabelSingular">result</param>
  <param name="entityName">results</param>
  <module name="Export" layoutPanel="pageControls">
    <param name="exportType">result</param>
  </module>
  <module name="EnablePreview" group="show" layoutPanel="resultsOptions">
    <param name="enable">True</param>
    <module name="Paginator" layoutPanel="pageControls">
      <param name="entityName">results</param>
      <param name="maxPages">10</param>
      <module name="RowNumbers" layoutPanel="resultsOptions">
        <module name="DataOverlay" layoutPanel="resultsAreaLeft">
          <module name="SimpleResultsTable" layoutPanel="resultsAreaLeft">
            <param name="entityName">results</param>
            <param name="drilldown">all</param>
            <module name="ConvertToIntention">
              <param name="intention">
                <param name="name">addterm</param>
                <param name="arg">
                  <param name="source">$click.value$</param>
                </param>  
              </param>
              <module name="ConvertToIntention">
                <param name="intention">
                  <param name="name">addterm</param>
                  <param name="arg2">
                    <param name="source">$click2.value$</param>
                  </param>  
                </param>
                <module name="ViewRedirector">
                  <param name="viewTarget">YourView2</param>
                  <param name="popup">True</param>
                </module>
              </module>
            </module>
          </module>
          <module name="Paginator" layoutPanel="resultsAreaLeft">
            <param name="entityName">results</param>
            <param name="maxPages">10</param>
          </module>
        </module>
      </module>
    </module>
  </module>
</module>
0 Karma
Reply

vgnoc
Explorer
‎10-03-2012 01:54 AM

Hi,
Below is the output from the device
Oct 3 09:45:28 172.18.1.221 Website=xxx:80 ClientIP=xxx.xxx.xxx.235 HTTP_Method=POST URL="/" HTTP_Version=HTTP/1.1 User_Agent=Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 HTTP_Referer="http://xxxx/" Request_Start_Time=2012/10/03 09:46:15 Request_Length=1424 Request_Elapsed_Time=26 Server=xxx.xxx.xxx.xxx:80 HTTP_Status=302 Response_Start_Time=2012/10/03 09:46:15 Response_Length=147

The search then picks up the ClientIP, dedups it so i know how many individual clients and then locates in the world using geoip. The table i generate with the above will then list clients per a country, but ideally i would like to drill down into the table and get the ips for clients in that country.

Any help greatly apprecitated.
Keith

0 Karma
Reply

MatthewTowey
Path Finder
‎06-14-2012 01:47 AM

02 May 2012 08:14:31:411 INFO [Fix message assembler] in.FMRFIBOOM_BLPUS - <13 NewOrderSingle (8=FIX.4.4|9=123|35=D|56=BLPUS|49=FMRFIBOOM|52=20120502-12:14:31|34=15|54=8|55=IBM|38=15200|44=27|11=Order8|21=2|60=20120502-12:14:31|40=7|10=118|)
this is an example log entry i want to select both 56= and 49=
the search string has not been specified yet ! I seen an example or two where the clicks where replacing specific fields e.g a user name and associated i.p for that log on but at the moment i'm just been requested to provide 2 click selection on a universal search! Hope that makes more sense!

0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎06-13-2012 09:59 AM

Can you describe in more detail what the search looks like, what the results look like, and the problems you are having with the drilldown? I can't tell that from the code sample you have provide above (thanks for the code, though!).

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...