All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Possibility of adding mutiple URL to a redirector and selecting different cells in a table?

chizops
Path Finder
‎10-18-2012 12:24 PM

Is it possible to add different url' to a redirector and is it possible to select a cell from a table instead of using the first cell in a row? so far my redirector has the following

              <param name="arg.earliest">$search.timeRange.earliest$</param>
              <param name="arg.latest">$search.timeRange.latest$</param>
              <param name="url">threat_content_name_investigation_BETA</param>
              <param name="arg.user">$user.rawValue$</param>
              <param name="arg.autoRun">True</param>
              <param name="arg.port">$click.value$</param>

The problem with this is that it takes the value from the first cell in the table which is a date and time and I actually want to get either source ports or dest. ports amung other info such as source IP. I also have a different view for ports that I do for IP's so having more than one url would be nice but I would not know how to accomplish that.

Any thoughts?

Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎10-18-2012 01:56 PM

Some points that should help you out here:

1) you can put $foo$ tokens in as part or all of the url param. So if you have a field inthe table that is a url, you can have that field be the entirety of the url param, or if only part of the url is dynamic you can have just part of the url be a $foo$ token.

2) if you get the latest Sideview Utils from the Sideview site, you can use the new Table module to replace SimpleResultsTable, and Table has a param called "hiddenFields", that allows you to have field data there in the results, use it in drilldowns and in custom rendering, but not actually display it to the user. (this can be useful for lots of things, like for example dynamic urls for drilldowns)

3) Sideview Utils patches JSChart, FlashChart and SimpleResultsTable so that you're not stuck with just $click.value$, which is always the first cell of the table. Instead with Utils there in the page all of these modules are patched to give you $click.fields.fieldName$ for all fields that are there. With the new Table module this convention is continued, and you can of course reference the "hiddenFields".

To flesh out how exactly you would get your different URL for ports and IP's, you'd actualy use the search language to make a field called "url", and you'd use the if function in eval to set the URL value to an appropriate value depending on the nature of your other fields.

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎10-18-2012 01:56 PM

Some points that should help you out here:

1) you can put $foo$ tokens in as part or all of the url param. So if you have a field inthe table that is a url, you can have that field be the entirety of the url param, or if only part of the url is dynamic you can have just part of the url be a $foo$ token.

2) if you get the latest Sideview Utils from the Sideview site, you can use the new Table module to replace SimpleResultsTable, and Table has a param called "hiddenFields", that allows you to have field data there in the results, use it in drilldowns and in custom rendering, but not actually display it to the user. (this can be useful for lots of things, like for example dynamic urls for drilldowns)

3) Sideview Utils patches JSChart, FlashChart and SimpleResultsTable so that you're not stuck with just $click.value$, which is always the first cell of the table. Instead with Utils there in the page all of these modules are patched to give you $click.fields.fieldName$ for all fields that are there. With the new Table module this convention is continued, and you can of course reference the "hiddenFields".

To flesh out how exactly you would get your different URL for ports and IP's, you'd actualy use the search language to make a field called "url", and you'd use the if function in eval to set the URL value to an appropriate value depending on the nature of your other fields.

Reply
Solved! Jump to solution

chizops
Path Finder
‎10-19-2012 07:36 AM

So far got the multiple clickable fields to work. I'll try the multiple url later but I'm sure it will work. Many thanks. Much appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...