Reputation: 28142
How to get url to specific splunk event?
How can I get a url to a specific splunk event from a list of splunk events returned by a search?
If it's not possible, and I need to create a search that only returns that event, is there some unique id for each event that I can use in the query?
Upvotes: 10
Views: 6294
Answers (2)
Reputation: 2571
In your search results, click the event time. In a popup that appears, click "At this time". This will create another search with only this one event selected. Now you can share your search as usual, e.g. by copying the link from the browser's navigation bar.
Upvotes: 9
Reputation: 3956
You can use conditional linking to link to a specific event from a list.
The <condition> element allows you to get a particular event or other value, and use that value to build your link.
Here's an example from the Splunk conditional linking documentation:
<drilldown>
<condition field="A">
<link>[target_URL]?q=$[value_from_field_A]$</link>
</condition>
<condition field="B">
<link>[other_target_URL]?q=$[value_from_field_B]$</link>
</condition>
</drilldown>
Depending on the event that you want to target, you could use a value specific to that event (timestamp, source, etc.) to build the link.
Upvotes: 1
Related Questions
- Extract data from splunk
- Splunk Event JSON to Table
- Splunk cli search to get all events
- Splunk : extract multiple values from each event
- Extract Url from access Log in Splunk
- how to matching URI in splunk
- Splunk query filter out based on other event in same index
- How to add custom field to events in Splunk?
- Splunk: Find the difference between 2 events
- splunk latest event for each host