Dashboards & Visualizations

Dashboard drilldown conditions

klaudiac
Path Finder

Hi folks, 

Quick question, but I'm running out of ideas.

I have a dashboard where I compare results between US and EU, one of the filters is "side" where I differentiate between EU and US. 

When I select EU results, I'd like to be able to click on a result and it'll open up a new window with details of how that result was achieved (it's from another website)
Same scenario  for when i click on the Side=NA, it leads me to a different website.

I tried this, but as far as the EU part work, the US does not... 

 

<drilldown>
<condition match="$side$ = EU"></condition>
<condition>
<link target="_blank">/app/SplunkEnterpriseSecuritySuite/correlation_search_edit?search=$row.rule_name$</link>
</condition>

<condition match="$side$ = US"></condition>
<condition>
<link target="_blank">www.youtube.com</link>
</condition>
</drilldown>

 

Any hints or ideas? 

 

Thanks, 

Klaudia 

Labels (4)
0 Karma
1 Solution

bowesmana
SplunkTrust
SplunkTrust

@klaudiac 

You condition statements don't make sense. You have 4 conditions there, two are empty, i.e. 

 

<condition match="$side$ = EU"></condition>

 

does not do anything, so all you have there is a single drilldown, which will most likely be the first one Splunk comes across, i.e. the link to the ES correlation search edit

 Try this - note the &quot; values before and after the EU/ES, as they should be quoted for string matching.

 

<drilldown>
  <condition match="$side$ = &quot;EU&quot;">
    <link target="_blank">/app/SplunkEnterpriseSecuritySuite/correlation_search_edit?search=$row.rule_name$</link>
  </condition>
  <condition match="$side$ = &quot;US&quot;">
    <link target="_blank">www.youtube.com</link>
  </condition>
</drilldown>

 

 

View solution in original post

0 Karma

bowesmana
SplunkTrust
SplunkTrust

@klaudiac 

You condition statements don't make sense. You have 4 conditions there, two are empty, i.e. 

 

<condition match="$side$ = EU"></condition>

 

does not do anything, so all you have there is a single drilldown, which will most likely be the first one Splunk comes across, i.e. the link to the ES correlation search edit

 Try this - note the &quot; values before and after the EU/ES, as they should be quoted for string matching.

 

<drilldown>
  <condition match="$side$ = &quot;EU&quot;">
    <link target="_blank">/app/SplunkEnterpriseSecuritySuite/correlation_search_edit?search=$row.rule_name$</link>
  </condition>
  <condition match="$side$ = &quot;US&quot;">
    <link target="_blank">www.youtube.com</link>
  </condition>
</drilldown>

 

 

0 Karma

klaudiac
Path Finder

That worked, thanks so much! 

0 Karma

to4kawa
Ultra Champion
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...