Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ConvertToIntention within ConvertToIntention

MatthewTowey
Path Finder
‎06-13-2012 08:44 AM

Hi

I would like to add 2 arguments to a search from the results table this is the code that I have tried to work on. Any Help please?

<module name="ResultsHeader" layoutPanel="resultsHeaderPanel" group="splIcon-results-table" altTitle="Table">
  <param name="entityLabel">results</param>
  <param name="entityLabelSingular">result</param>
  <param name="entityName">results</param>
  <module name="Export" layoutPanel="pageControls">
    <param name="exportType">result</param>
  </module>
  <module name="EnablePreview" group="show" layoutPanel="resultsOptions">
    <param name="enable">True</param>
    <module name="Paginator" layoutPanel="pageControls">
      <param name="entityName">results</param>
      <param name="maxPages">10</param>
      <module name="RowNumbers" layoutPanel="resultsOptions">
        <module name="DataOverlay" layoutPanel="resultsAreaLeft">
          <module name="SimpleResultsTable" layoutPanel="resultsAreaLeft">
            <param name="entityName">results</param>
            <param name="drilldown">all</param>
            <module name="ConvertToIntention">
              <param name="intention">
                <param name="name">addterm</param>
                <param name="arg">
                  <param name="source">$click.value$</param>
                </param>  
              </param>
              <module name="ConvertToIntention">
                <param name="intention">
                  <param name="name">addterm</param>
                  <param name="arg2">
                    <param name="source">$click2.value$</param>
                  </param>  
                </param>
                <module name="ViewRedirector">
                  <param name="viewTarget">YourView2</param>
                  <param name="popup">True</param>
                </module>
              </module>
            </module>
          </module>
          <module name="Paginator" layoutPanel="resultsAreaLeft">
            <param name="entityName">results</param>
            <param name="maxPages">10</param>
          </module>
        </module>
      </module>
    </module>
  </module>
</module>
0 Karma
Reply

vgnoc
Explorer
‎10-03-2012 01:54 AM

Hi,
Below is the output from the device
Oct 3 09:45:28 172.18.1.221 Website=xxx:80 ClientIP=xxx.xxx.xxx.235 HTTP_Method=POST URL="/" HTTP_Version=HTTP/1.1 User_Agent=Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 HTTP_Referer="http://xxxx/" Request_Start_Time=2012/10/03 09:46:15 Request_Length=1424 Request_Elapsed_Time=26 Server=xxx.xxx.xxx.xxx:80 HTTP_Status=302 Response_Start_Time=2012/10/03 09:46:15 Response_Length=147

The search then picks up the ClientIP, dedups it so i know how many individual clients and then locates in the world using geoip. The table i generate with the above will then list clients per a country, but ideally i would like to drill down into the table and get the ips for clients in that country.

Any help greatly apprecitated.
Keith

0 Karma
Reply

MatthewTowey
Path Finder
‎06-14-2012 01:47 AM

02 May 2012 08:14:31:411 INFO [Fix message assembler] in.FMRFIBOOM_BLPUS - <13 NewOrderSingle (8=FIX.4.4|9=123|35=D|56=BLPUS|49=FMRFIBOOM|52=20120502-12:14:31|34=15|54=8|55=IBM|38=15200|44=27|11=Order8|21=2|60=20120502-12:14:31|40=7|10=118|)
this is an example log entry i want to select both 56= and 49=
the search string has not been specified yet ! I seen an example or two where the clicks where replacing specific fields e.g a user name and associated i.p for that log on but at the moment i'm just been requested to provide 2 click selection on a universal search! Hope that makes more sense!

0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎06-13-2012 09:59 AM

Can you describe in more detail what the search looks like, what the results look like, and the problems you are having with the drilldown? I can't tell that from the code sample you have provide above (thanks for the code, though!).

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...