I would like to know if it's possible to add a column to the end of my search results with an editable text box in it, so I can add comments to specific rows in my output before printing or emailing the results off to other people. The results of my query can change wildly each time I run it, so adding a static column is not an option for this particular scenario.
For example, I have a query that shows the top 10 exceptions for a given application in the specified timeframe. I'd like to be able to add a comment for each exception that gives a brioef explanation of the issue and/or what has been done to address it.
so, instead of seeing a report that has
nameNotFoundException 1182
Bad Result From Customer Lookup 75
I want to be able to add comments to the end of each result so it looks something like the following when printed/sent off to someone:
nameNotFoundException 1182 Fix scheduled for Oct 22 release
Bad Result From Customer Lookup 75 Ticket 1234 opened with Marketing Run Team 7/30
Is this kind of customization available from within Splunk? I know I can export to a .csv and do it there, but I need to repeat this process multiple times for different teams, so I am looking for a way to streamline it a little from that.
Thoughts/Suggestions?
