hey @gcusello 
i want to create one big table:

index=a | table name last name message

i want to drill down to another hidden table:

when i will click on the message value -> an hidden panel will be seen with a table that show the only the chosen raw.

i want to drill down with a query like:

 index=a  identifier=???? | table name last name message

Hi @dordavid,

there isn't an absolute identifier because the events depend on the search.

So you could pass in drilldown all the fields in your table: name last_name message.

something like this:

        <drilldown>
          <link target="_blank">/app/your_app/drilldown_dashboard?name=$row.name$&amp;last_name=$row.last_name$&amp;message=$row.message$</link>
        </drilldown>

Ciao.

Giuseppe

@gcusello 

 usually my message field is very long - sometimes 150 rows length, so i used substr function on my message field, so actually my my message seems like:
eval message=substr(message, 1, 1000) - (only first 1000 chars)

i want to click on the message value  and display an hidden panel will show a table with the chosen raw.  

i try to do:

message=$row.message$

but sometimes i got errors like: "unbalanced quotes" - [because of the substr].

so i think to use _cd of event to do the search

Hi @dordavid,

as I feared, there are some quotes in your message, so you can't use it.

See if the other two fields are enough, otherwise you have to take another one in order to uniquely identify the event on which to drill down, a field that you can then also not display (using the <fields> option) at the end.

Ciao.

Giuseppe