Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

link to search

rashid47010
Communicator
‎03-07-2019 03:50 AM

I have a coloum chart with values displaying.
I select "configure link to a search"
when I click on coloum bar it opens the results in new windows. Problem is that beside showing act=unspecified|quarantine, it get the "number/count of event"

below is my query appear in searchbar:

iindex=trend sourcetype=e** cat="*e" **act=24 | dedup fixxth | table xxcxoxt fixxaxxh act TxxrxdMxxxroxxxleSHA1

search in the drilldown editor query is below:

iindex=trend sourcetype=*e act=$click.value2$ | dedup fixxth | table xxcxoxt fixxaxxh act TxxrxdMxxxroxxxleSHA1

Please help to fix this issue.

Tags (1)
0 Karma
Reply

nickhills
Ultra Champion
‎03-07-2019 04:09 AM

If I understand your question, you want a click on a row to open a search which specifies the 'act' field in the new search?

If that's correct, try this:

index=trend sourcetype=**e* act=$row.act$ | dedup fixxth | table xxcxoxt fixxaxxh act TxxrxdMxxxroxxxleSHA1
If my comment helps, please give it a thumbs up!
0 Karma
Reply

rashid47010
Communicator
‎03-13-2019 05:15 AM

I have a chart showing top 10 values.
when I click on bar it should show me the values instead of act=24.
I want to values of that fields beside the count.

act=block|quarantine

instead of act=24

I am using act=$click.value2$ but instead taking the values=block|quarantine, he toold value(act=24)

hope you understand my query

0 Karma
Reply

rashid47010
Communicator
‎03-10-2019 03:56 AM

Dear Nick,

I have a chart showing top 10 values.
when I click on bar it should show me the values instead of act=24.
I want to values of that fields beside the count.

act=block|quarantine

instead of act=24

I am using act=$click.value2$ but instead taking the values=block|quarantine, he toold value(act=24)

hope you understand my query

0 Karma
Reply

harishalipaka
Motivator
‎03-07-2019 04:02 AM

hi @rashid47010

u want to remove that link to search ust add in your proprties..

<option name="drilldown">none</option>
Thanks
Harish
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...