How to get url to specific splunk event?

5
votes

How can I get a url to a specific splunk event from a list of splunk events returned by a search?

If it's not possible, and I need to create a search that only returns that event, is there some unique id for each event that I can use in the query?

2
splunksplunk-query

2 Answers

2
votes

In your search results, click the event time. In a popup that appears, click "At this time". This will create another search with only this one event selected. Now you can share your search as usual, e.g. by copying the link from the browser's navigation bar.

enter image description here

1
votes

You can use conditional linking to link to a specific event from a list.

The <condition> element allows you to get a particular event or other value, and use that value to build your link.

Here's an example from the Splunk conditional linking documentation:

<drilldown>
  <condition field="A">
    <link>[target_URL]?q=$[value_from_field_A]$</link>
  </condition>

  <condition field="B">
    <link>[other_target_URL]?q=$[value_from_field_B]$</link>
  </condition>
</drilldown>

Depending on the event that you want to target, you could use a value specific to that event (timestamp, source, etc.) to build the link.