Splunk Search

Results from search link to another site

gnovak
Builder

Hi!

I am not quite sure how to go about trying to do this task.

I have 3 searches that run and gather data in splunk. The data is presented on a dashboard in a chart I have created using simple xml.

What I would like to do is be able to click on a result and be taken to another site where that result is also part of the URL.

For example:

If one of the results in my chart is 6411-CP, I would like to click on that and then be taken to:

https://lists.somewebsite.info/lurker/search/20380101.000000.00000000@ml:info-cc-notify,6411-cp,bala...

See how the 6411-CP is in the url? This is really the only thing that would be different about the url every time.

Is there a way to have all of the results from a search inserted into a URL that is linked on the result? (if that makes sense....)

Tags (2)
0 Karma

gkanapathy
Splunk Employee
Splunk Employee

Yes. You can use Splunk Workflow actions to (mostly) do this. http://www.splunk.com/base/Documentation/latest/Knowledge/CreateworkflowactionsinSplunkWeb This actually makes you click through a menu on the field value, not on the whole result.

If you must have it click through when clicking on the result, it's a bit more work, but you can probably create a custom event renderer with CSS: http://www.splunk.com/base/Documentation/latest/Developer/EventRendering

0 Karma

gnovak
Builder

eventtype worked. nevermind i just had a conversation with myself and resolved my own problem. :face_with_tongue:

0 Karma

gnovak
Builder

i'm going to try building an eventtype for this

0 Karma

gnovak
Builder

I also would love to be able to click on this menu for the workflow action directly from the dashboard if possible. I'm still reading the links you sent me but figured I'd ask anyways

0 Karma

gnovak
Builder

to explain a little better, 6411-CP will be in the results for 3 different searches that are executed on my dashboard. The result will be under the field Registrar. However a search executes for say, foo, bar, and foobar.

I need to be able to click on the Registrar under each one and have it take me to the correct url that includes either foo, bar or foobar.

0 Karma

gnovak
Builder

this will work. however how would i be able to make workflow action based on a field from a particular search that is executed? For instance, can i tell it to look at the field results from a particular search?

I have 3 searches that run that produce entries for the field Registrars such as 6411-CP, 5849-AB, etc. Most of the field results will be the same for all 3 searches. The only difference in all 3 of these is the source from which these results are generated will be different.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...