I am creating a statistics table in Splunk by reading from multiple application logs and what I am showing in the table are the list of users and the log file names where these users information are present. What I need help with is that - I need a download file link on each row where the user can download the actual log file present in the Splunk Server file system for any further details.
User Logname download d12345 abcd.log download file d56789 ertyyu.log download file
Can you please help me and guide me on how to do this?
Drilldown Tag Link Reference # http://docs.splunk.com/Documentation/Splunk/6.1.3/Viz/PanelreferenceforSimplifiedXML#link
You could create a drilldown dashboard (or add a panel to same dashboard) to show the events from that clicked log file name. You can show the raw events in the dashboard panel and the default export option of the panel (export button when you mouse hover to right bottom of the visualization) can be used by user to manually download the file content (search results that you wrote based on the Logname of clicked row). See this for more info on dashboard drilldown:
Splunk doesn't store the "actual file" but process it's data into events and stores the events into it's indexes. So, there is not way to get the actual file from Splunk Web UI. If your event processing doesn't update any raw data content, then the export functionality that I described will get you the actual file content (based on the drilldown search that you're going to write).