Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a dynamic download file link in a stats table?

rijutha
Explorer
‎01-21-2017 07:45 AM

Hi,

I am creating a statistics table in Splunk by reading from multiple application logs and what I am showing in the table are the list of users and the log file names where these users information are present. What I need help with is that - I need a download file link on each row where the user can download the actual log file present in the Splunk Server file system for any further details.

Like this:

User            Logname      download
d12345          abcd.log     download file
d56789          ertyyu.log   download file

Can you please help me and guide me on how to do this?

0 Karma
Reply

jagadeeshm
Contributor
‎01-21-2017 02:34 PM

Two options:

  1. Include a CSS and write a custom class to enable links to the column value
  2. You can specify a link to your detail report in a drilldown tag

Drilldown Tag Link Reference # http://docs.splunk.com/Documentation/Splunk/6.1.3/Viz/PanelreferenceforSimplifiedXML#link

0 Karma
Reply

rijutha
Explorer
‎01-22-2017 12:19 AM

Thank you. But is there a way to download the actual file from the server from the Splunk Web Interface?

0 Karma
Reply

jagadeeshm
Contributor
‎01-22-2017 05:05 AM

Where are these files located? Are they on the Splunk Server itself ?

0 Karma
Reply

rijutha
Explorer
‎01-24-2017 04:23 AM

Yes. They are placed in the Splunk Server itself.

0 Karma
Reply

somesoni2
Revered Legend
‎01-21-2017 12:41 PM

You could create a drilldown dashboard (or add a panel to same dashboard) to show the events from that clicked log file name. You can show the raw events in the dashboard panel and the default export option of the panel (export button when you mouse hover to right bottom of the visualization) can be used by user to manually download the file content (search results that you wrote based on the Logname of clicked row). See this for more info on dashboard drilldown:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/Dynamicdrilldownindashboardsandforms

0 Karma
Reply

rijutha
Explorer
‎01-22-2017 12:19 AM

Thank you. But is there a way to download the actual file from the server from the Splunk Web Interface?

0 Karma
Reply

somesoni2
Revered Legend
‎01-22-2017 10:03 AM

Splunk doesn't store the "actual file" but process it's data into events and stores the events into it's indexes. So, there is not way to get the actual file from Splunk Web UI. If your event processing doesn't update any raw data content, then the export functionality that I described will get you the actual file content (based on the drilldown search that you're going to write).

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...