I'm trying to use dynamic drilldown to do the following:
Essentially the URL opens a link to a non-local RDP session(mstsc) where I was hoping to fill the RDP field with the value clicked by the user. This is not a local RDP session, it's a link to a jump server farm so it has to go through the URL in order to get to the remote RDP session.
Here's what I have so far -
<dashboard>
<label>Windows User Login Auditing</label>
<row>
<panel>
<table>
<title>Windows User Logins</title>
<search>
<query>index="wineventlog" source="WinEventLog:Security" (EventCode=4624 OR 4634) Process_Name="*winlogon*"
| table user, dst_nt_domain, ComputerName, src_ip
| rename user as "User", dst_nt_domain as "Domain", ComputerName as "Source FQDN", src_ip as "Source IP"
</query>
<earliest>-8h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
<refresh>10m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="count">50</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<format type="color" field="FQDN">
<colorPalette type="map"></colorPalette>
</format>
<drilldown>
<link>
https://URL.com/rdp/CmsRdsh.rdp?ReturnUrl=%2fRDWeb%2fPages%2fen-US%2fDefault.aspx?q=$click.value2$
</link>
</drilldown>
</table>
</panel>
</row>
</dashboard>