Re: How do you customize the drilldown of a search...

heatonra · ‎09-28-2018

I've got a search viewed as a table and one of the values of the table cell is a URL. I want to be able to click on that URL and have the browser take me to it. My search results show that I need to customize the drilldown, but I don't see a drilldown customization in a search. Am I missing it somewhere? Is there any way to customize the drilldown of the "details" cell such that a click will take me to the URL that is the value of that cell?

Here's my (redacted) screenshot that shows what happens when I click on it (View events, Other events, etc.):

mstjohn_splunk · ‎10-01-2018

hi @heatonra

Did the answer below solve your problem? If so, please resolve this post by approving it!
If your problem is still not solved, keep us updated so that someone else can help ya. Thanks for posting!

gjanders · ‎09-28-2018

Refer to Use drilldown for dashboard interactivity if your running an older Splunk version such as 6.5.x there are other answers on SplunkAnswers or information in the documentation about editing the simpleXML for a drilldown.

In particular Link to a URL :

<link>[target_URL]?q=$[value_from_field_A]$</link>

You should be able to use your field value as part of your URL

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

kmaron · ‎09-28-2018

Customizing the drill down is done with the edit options for a panel in a dashboard. (three dots - More Actions - Edit Drilldown).

Though I believe its meant just to open a specific search/dashboard/report within Splunk. I have no idea if it's possible to load a URL. Hopefully someone else can answer that part.

How do you customize the drilldown of a search?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes