I have a dashboard that displays several tables relating to the contents of emails being monitored by several security devices. One of the tables displays all of the URLs that were extracted from these emails. I've built a drilldown feature that allows analysts to click on an individual URL and open up a new tab pre-populated to search the enterprise web proxy logs for this URL using the token
`$result.url$`. Is there an easy way to add a link/button that will collect all of the URL values from the table and pass them to a search together?
So in addition to the existing drilldown, which creates a search like this:
`index=proxy url="$result.url$"`
I'd also like to be able to automatically create one like this:
`index=proxy url="$result1.url$" OR url="$result2.url$" OR url="$result3.url$"...`
We're on Splunk Enterprise 6.6.2, if it matters. Thanks!
↧