Splunk Drilldown for a specific column in a table?

marmehta · ‎02-07-2020

I want to open a search with the case number user clicked the attached table sample. Currently, my search is getting the ANI information dynamically from the form, but I want the drill-down to get ANI as well as the clicked CASE_NUMBER.

Referring to the below given example, in the panel named: Caller Actions by Unique Cases and DNISs" , I want that if I click on CASE_NUMBER 46770533, the search should take search parameters like "CASE_NUMBER=46770533" AND "ANI=1234567890" (The one entered in the form above).

Thanks in Advance.

thambisetty · ‎11-02-2021

@thambisetty answer availalable at here would be useful

————————————
If this helps, give a like below.

cmerriman · ‎02-07-2020

you need to create two tokens, one fore ANI and one for CASE_NUMBER

something like

<set token="case_num">$row.CASE_NUMBER$</set>
<set token="ani">$row.ANI$</set>

and then edit the search drilldown to use those two tokens.

something like

  <link target="_blank">search?q=<search in url encoded nonsense>&amp;CASE_NUMBER=$case_num$&amp;ANI=$ani$</link>

Splunk Drilldown for a specific column in a table?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!