Splunk Search

How to create a dynamic download file link in a stats table?

rijutha
Explorer

Hi,

I am creating a statistics table in Splunk by reading from multiple application logs, and what I am showing in the table is the list of users and the log file names where these users' information is present. What I need help with is this: I need a download file link on each row where the user can download the actual log file present in the Splunk Server file system for any further details.

Like this:

User            Logname      download
d12345          abcd.log     download file
d56789          ertyyu.log   download file

Can you please help me and guide me on how to do this?

0 Karma

jagadeeshm
Contributor

Two options:

  1. Include a CSS and write a custom class to enable links to the column value
  2. You can specify a link to your detail report in a drilldown tag

Drilldown Tag Link Reference # http://docs.splunk.com/Documentation/Splunk/6.1.3/Viz/PanelreferenceforSimplifiedXML#link

0 Karma

rijutha
Explorer

Thank you. But is there a way to download the actual file from the server from the Splunk Web Interface?

0 Karma

jagadeeshm
Contributor

Where are these files located? Are they on the Splunk Server itself?

0 Karma

rijutha
Explorer

Yes. They are placed in the Splunk Server itself.

0 Karma

somesoni2
Revered Legend

You could create a drilldown dashboard (or add a panel to the same dashboard) to show the events from that clicked log file name. You can show the raw events in the dashboard panel, and the default export option of the panel (the export button that appears when you mouse hover to the right bottom of the visualization) can be used by the user to manually download the file content (the search results that you wrote based on the Logname of the clicked row). See this for more info on dashboard drilldown:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/Dynamicdrilldownindashboardsandforms

0 Karma

rijutha
Explorer

Thank you. But is there a way to download the actual file from the server from the Splunk Web Interface?

0 Karma

somesoni2
Revered Legend

Splunk doesn't store the "actual file" but processes its data into events and stores the events into its indexes. So, there is no way to get the actual file from Splunk Web UI. If your event processing doesn't update any raw data content, then the export functionality that I described will get you the actual file content (based on the drilldown search that you're going to write).

0 Karma
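
The drilldown-and-export approach described in the answers above, as an added Simple XML sketch that is not part of the original thread. The index name `app_logs`, the `user` field, the `selected_log` token name and the Unix-style `source` paths are assumptions; adjust them to your data. Because the second panel only runs a search, users see only events their Splunk role is allowed to search, and nothing on the server's file system is exposed directly.

```xml
<dashboard>
  <label>Users by log file (example)</label>
  <row>
    <panel>
      <table>
        <title>Click a row to load that log's raw events</title>
        <search>
          <!-- Assumption: index=app_logs and an extracted "user" field.
               Logname is the last path segment of the source file. -->
          <query><![CDATA[
            index=app_logs
            | eval Logname=mvindex(split(source, "/"), -1)
            | stats count by user, Logname
            | rename user AS User
            | table User, Logname
          ]]></query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <!-- Store the clicked row's Logname in a token (name is illustrative) -->
          <set token="selected_log">$row.Logname$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <!-- Hidden until a row has been clicked and the token is set -->
    <panel depends="$selected_log$">
      <event>
        <title>Raw events from $selected_log$</title>
        <search>
          <query>index=app_logs source="*/$selected_log$"</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <!-- Show _raw as indexed; use the panel's export button to download -->
        <option name="type">raw</option>
        <option name="count">50</option>
      </event>
    </panel>
  </row>
</dashboard>
```

The exported results match the original file content only if indexing did not alter the raw data, as noted in the last answer.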