For step 1  you are supposed to use this Url: https://api.splunk.com/2.0/rest/login/splunk     ... View more

<drilldown> <condition field="Failed Jobs"> <link target = "_blank">search?q=index%3Dabc%20source%3D%22%2FsplunkLogs%2FJOB_MDJX_CS_STATS_PLATINUM.csv%22%7C%20eval%20fields%3Dsplit(_raw%2C%22%2C%22)%20%7Ceval%20Environment%3Dmvindex(fields%2C11)%7Ceval%20JOBFLOW_ID%3Dmvindex(fields%2C0)%20%7Ceval%20JOB_EXEC_TIME%3Dmvindex(fields%2C8)%7Ceval%20RunDate%3Dmvindex(fields%2C3)%7Ceval%20JOB_STATUS%3Dmvindex(fields%2C5)%7Cwhere%20Environment%3D%22E3%22%7Cwhere%20JOBFLOW_ID%20LIKE%20%22%25%25%22%7Ceval%20RunDate%3D%2220%22.mvindex(fields%2C3)%7Ceval%20Run_Date%3Dstrptime(RunDate%2C%22%25Y%25m%25d%22)%0A%7Cfieldformat%20Run_Date%3Dstrftime(Run_Date%2C%22%25d%2F%25b%2F%25Y%22)%7Cwhere%20JOB_STATUS%3D%3D%22FAILED%22%7Cstats%20COUNT</link> </drilldown>   This is what my code looks like when I want to drilldown to a detailed search.   You have the token selected_value , in the conditions field you can change "Failed Jobs"  to what you are expecting  .   Also very important, you have to put your query inside a url encoder: https://meyerweb.com/eric/tools/dencoder/ <--- This one works good. -Marco     ... View more

If you're a Developer you can get a Developer License. It will give you access to Splunk Enterprise for 6 month and you can renew it.  https://dev.splunk.com/enterprise/dev_license/ Thank you, Marco ... View more

@klaxdal  I checked my bin directory and it looks like only half of splunk installed (compared to the Bin Directory on Windows Splunk). I'm going to uninstall the app and let you.  ... View more

@klaxdal  Although it didn't work it gave me different results. I appreciate the help ... View more

@richgalloway  It's just so random, I like it XD. Thank you Cheers! -Marco ... View more

@ryan_mercer  if you are trying to accept Input From a user this guy has some really good examples on how to do that. https://github.com/JasonConger/SplunkConf18 I was able to make something like this from his examples. Not sure if this is what you're going for. -Marco ... View more

Thank you, using the REGEX example i was able to generate a count but since I am not to familiar with REGEX I did it another way. host=*| eval SPECIAL=if(like(COMMAND, "% SPECIAL") OR like(COMMAND, "% SPECIAL %"),1,0)| chart sum(SPECIAL) Using an Or statement gets me the same results.  -Marco ... View more

@ITWhisperer Thank you, Originally I tried that but it creates  a whole new "Panel" .  At this point I am starting to believe italics cannot be done inside the description tags.  Correct me if I'm wrong.   Best Wishes, Marco ... View more

@ITWhisperer  I am trying to add Italics to the description tag <dashboard> <label>test</label> <description>I want to italicize this text ---&gt; This Text &lt;-----</description> </dashboard> ... View more

@richgalloway Thank you for the clarification  -Marco C. ... View more