Restrict Splunk drill-down for a Specific Field
So Today’s blog is going to be very interesting, and it is something that you can use as a daily use case. Without wasting any time, I will directly head towards the use case.
So we have a dashboard named “New drill-down sample”.
Which consists of a table, generally has four fields: method, status, count, and click.
And query of the below table also given,
index=_internal sourcetype=splunkd_ui_access
| stats count by method status
| eval click="Yes"
| table click method status count
As you can see using the “eval” command we have created a field called “click”, with a “Yes” value.
Now this “click” field is going to be our drill-down field, where we will click but the respective “method” value of that row will pass. And that drill-down click should be restricted only in the “click” field, i.e. drill down should not happen if we click anywhere other than the “click” field.
At first click on edit.
Then click on the three-dot and “edit drill-down” as shown.
Then choose “Link to search”
And “custom”
And put the drill-down search string with a token, which we will create in the later stage of the demonstration.
Then click on “source” and do the following changes as shown below.
Complete source code is given below
[download the complete “source code” by clicking the download]
And then save the dashboard.
Hope you all enjoyed this blog “Restrict Splunk drill-down for a Specific Field“, see you in the next one.
Happy Splunking!!
