Splunk Search

How to create a dynamic download file link in a stats table?

Explorer

Hi,

I am creating a statistics table in Splunk by reading from multiple application logs and what I am showing in the table are the list of users and the log file names where these users information are present. What I need help with is that - I need a download file link on each row where the user can download the actual log file present in the Splunk Server file system for any further details.

Like this:

User            Logname      download
d12345          abcd.log     download file
d56789          ertyyu.log   download file

Can you please help me and guide me on how to do this?

0 Karma

Contributor

Two options:

  1. Include a CSS and write a custom class to enable links to the column value
  2. You can specify a link to your detail report in a drilldown tag

Drilldown Tag Link Reference # http://docs.splunk.com/Documentation/Splunk/6.1.3/Viz/PanelreferenceforSimplifiedXML#link

0 Karma

Explorer

Thank you. But is there a way to download the actual file from the server from the Splunk Web Interface?

0 Karma

Contributor

Where are these files located? Are they on the Splunk Server itself ?

0 Karma

Explorer

Yes. They are placed in the Splunk Server itself.

0 Karma

Revered Legend

You could create a drilldown dashboard (or add a panel to same dashboard) to show the events from that clicked log file name. You can show the raw events in the dashboard panel and the default export option of the panel (export button when you mouse hover to right bottom of the visualization) can be used by user to manually download the file content (search results that you wrote based on the Logname of clicked row). See this for more info on dashboard drilldown:
http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/Dynamicdrilldownindashboardsandforms

0 Karma

Explorer

Thank you. But is there a way to download the actual file from the server from the Splunk Web Interface?

0 Karma

Revered Legend

Splunk doesn't store the "actual file" but process it's data into events and stores the events into it's indexes. So, there is not way to get the actual file from Splunk Web UI. If your event processing doesn't update any raw data content, then the export functionality that I described will get you the actual file content (based on the drilldown search that you're going to write).

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!