Is it possible to have multiple possibility of dri...

bugnet · ‎04-23-2017

hi all,
Is it possible to have multiple possibility of drilldown, based on the same field ?
I have table with a column "source_ip". I need to open a few options when clicking on the source IP address - for example 1.Blocke IP 2.Release IP

My existing drilldown allows me only to open one link.

<drilldown>
           <link>
          http://192.168.1.1/blockscript?ip=$row.source_ip$
            </link>
 </drilldown>

How could I achieve that ?

bugnet · ‎04-25-2017

Not so helpful to me. More ideas?

niketn · ‎04-23-2017

Can you add two column to each row of output in your table?

<YourBaseSearchToPrintTableWithSourceIP>
| eval Blocked="Blocked IP"
| eval Source="Source IP"

Then code your drilldown based on which column was clicked and pick up the $row.source_ip$ for both with different base URLs as per your need when a row in either Blocked or Source IP column is clicked.

     <condition field="Blocked">
        <link>
              http://192.168.1.1/blockscript?ip=$row.source_ip$
         </link>
     </condition>
     <condition field="Source">
        <link>
              http://<AnotherURL>?ip=$row.source_ip$
         </link>
     </condition>

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

woodcock · ‎04-23-2017

Have you looked at workflow actions? Unfortunately these do not work in table visualization panels but they DEFINITELY should (please somebody open an ER).

http://docs.splunk.com/Documentation/SplunkCloud/6.5.1612/Knowledge/CreateworkflowactionsinSplunkWeb

Is it possible to have multiple possibility of drilldown, based on the same field ?

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!