Splunk Search

Search results, link to url

jgauthier
Contributor

Greetings,

I've done some reading, but I can't seem to put together the various answers over the course of the years. I am using Splunk 5. I have a dashboard, and it has a dynamic drill down which then just calls a splunk query. I would really like to make that query some of the data (an id field) be a clickable link to an outside page. (ie: http://website.com/info?$id$).

How could I achieve this functionality?

Tags (3)
0 Karma
1 Solution

melting
Splunk Employee
Splunk Employee

There is some documentation on how to do this is simplexml:

Roughly if this a table you could do something like:

<table>
...
<drilldown>
<link>http://website.com/info?$row.id$).
</drilldown>
</table

Some other tokens available:

click.value2 - the value that you clicked on if you drilldown type is cell
click.name1 - the fieldname that clicked on.
click.value - the far left column's value
click.name - the far left column's field name

View solution in original post

melting
Splunk Employee
Splunk Employee

There is some documentation on how to do this is simplexml:

Roughly if this a table you could do something like:

<table>
...
<drilldown>
<link>http://website.com/info?$row.id$).
</drilldown>
</table

Some other tokens available:

click.value2 - the value that you clicked on if you drilldown type is cell
click.name1 - the fieldname that clicked on.
click.value - the far left column's value
click.name - the far left column's field name

qbolbk59
Path Finder

Hi @melting_splunk ,

Does the tokens you specified, works for Bar chart dashboards as well ?

For e.g., i have a bar chart and i want to add a drill down "link to a search" and i wish to open a new search when i click on a bar of my graph. the new search should open results of the clicked value only. So what i tried to do is pass the variables using the token click.value. But it always opens a blank search.

0 Karma

mcm10285
Communicator

Is this doable in advanced xml?

0 Karma

jgauthier
Contributor

Thanks. I really wanted to do this from a search, but I did make another dashboard. The original dashboard drills down into the second supplying the form information, and then those rows are able to be drilled down. So mission accomplished!

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...