How to implement contextual drilldown for Treemap - Custom Visualization in Splunk 6.4.0?

pramaswamy
Path Finder

I have tried exploring existing Splunk Answers posts and documentation, however, I couldn't find what I am looking for. Hence this post to seek some help from community experts.

I am using the new "TreeMap Visualization App" in Splunk 6.4 (https://splunkbase.splunk.com/app/3118/). I want to implement contextual drilldown (ideally replace the current treemap with a new treemap) instead of the default search redirect when the user clicks the last level in the treemap drilldown. I am having a hard time getting the right row and column values selected in the treemap drilldowns.

A simple example below to demonstrate my question.

earliest=-1h sourceType="csv" | stats sum(metric1) by A,B

Here, I want to know the respective value for dimensions "A" and "B", depending on the tile clicked by the user.

Appreciate any help and insights?

1 Solution

Simon_Fishel
Splunk Employee

Hi @pramaswamy,

Unfortunately the treemap itself doesn't support the level of drilldown customization you're looking for. But, you can integrate the treemap into custom dashboard drilldown logic just like with any other visualization. I think this will get you started (I did my best to match the sample data you provided, but you might have to make some tweaks):

<dashboard>
  <label>Treemap Custom Drilldown</label>
  <row>
    <panel>
      <viz type="treemap_app.treemap">
        <search>
          <query>source="..." earliest=-24h | stats sum(waitTime) by Server, ServerType</query>
        </search>
        <drilldown>
          <set token="Server">$row.Server$</set>
          <set token="ServerType">$row.ServerType$</set>
        </drilldown>
      </viz>
    </panel>
  </row>
  <row>
    <panel depends="$Server$,$ServerType$">
      <viz type="treemap_app.treemap">
        <search>
          <query>source="..." earliest=-24h Server="$Server$" ServerType="$ServerType$" | stats sum(waitTime) by arrayType, waitClassMetric</query>
        </search>
      </viz>
    </panel>
  </row>
</dashboard>
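
A variant of the dashboard above that swaps the treemap in place and lets the user return to the top level, as asked in the question. This is an added example, not part of the original answer. It assumes the standard Simple XML `rejects` attribute, the `<unset>` drilldown action and the `|s` token filter, none of which appear in the original thread; the label and title text are constructed.

```xml
<dashboard>
  <label>Treemap In-Place Drilldown (added example)</label>
  <row>
    <!-- Top-level treemap: hidden while the Server token is set -->
    <panel rejects="$Server$">
      <viz type="treemap_app.treemap">
        <search>
          <query>source="..." earliest=-24h | stats sum(waitTime) by Server, ServerType</query>
        </search>
        <drilldown>
          <set token="Server">$row.Server$</set>
          <set token="ServerType">$row.ServerType$</set>
        </drilldown>
      </viz>
    </panel>
    <!-- Detail treemap: same row, shown only while both tokens are set -->
    <panel depends="$Server$,$ServerType$">
      <title>Wait classes for $Server$ / $ServerType$ (click a tile to go back)</title>
      <viz type="treemap_app.treemap">
        <search>
          <!-- |s wraps the token value in quotes and escapes embedded quotes,
               so a clicked value cannot break out of the field comparison -->
          <query>source="..." earliest=-24h Server=$Server|s$ ServerType=$ServerType|s$ | stats sum(waitTime) by arrayType, waitClassMetric</query>
        </search>
        <drilldown>
          <!-- Clearing the tokens hides this panel and shows the top-level one again -->
          <unset token="Server"></unset>
          <unset token="ServerType"></unset>
        </drilldown>
      </viz>
    </panel>
  </row>
</dashboard>
```

Because only one of the two panels is visible at a time, the detail treemap appears where the top-level one was. The `|s` filter matters whenever a field value from the data can contain quotes or spaces.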

pramaswamy
Path Finder

@Simon Fishel.

Thanks much, this is exactly what I need and works as intended. This opens a wide range of possibilities with new viz libraries in 6.4!!

magnew_splunk
Splunk Employee

Hi pramaswamy,

Can you clarify exactly what you want to happen on click? Are you in a dashboard context? Or do you need this to work on the search page? There may be a way to do this with tokens on a dashboard. Can you give an example of the data (specifically fields and sample values) you are putting into the treemap and the data you would like to visualize on click?

pramaswamy
Path Finder

Hi @magnew

Following up my previous explanation with some examples as well. They are synthetic data posted for better understanding the scenario.

Server    Server Type         sum(WaitTime)
EMC       VMX-100-32cores     320k
EMC       VMX-200-64cores     980k
Hitachi   GSN-5433-32cores    849k
Hitachi   GSN-5433-64cores    1243k

The initial treemap contains the first level hierarchy as Server, second level hierarchy as Server Type, with the WaitTime value representing the tile size (sequential representation).

When the user clicks on a specific "Server" and "Server Type", the WaitTimes are further drilled down to represent different buckets/WaitClasses. The wait classes are hierarchical too, which is why I ideally want to refresh the same treemap with a completely new treemap (of course, with the ability to navigate all the way to the top). If that is not possible, due to it being a different context, I understand and I am fine with it being on the side. The new treemap is a result of a treemap visualization built on search output, passing the right "Server" and "Server Type".

In this example, let's say the user chose the first; the search would be something like:

source="....." earliest=-24h Server="EMC" ServerType="VMX-100-32cores" | stats sum(waitTime) by arrayType,waitClassMetric

So, the 320k value is further broken down by arrayType and waitClassMetric.

Hope this helps.

pramaswamy
Path Finder

Hi @magnew
Sure, let me try to explain in a little bit more detail with context.

  1. Yes, I am in a dashboard context. It's a simple XML dashboard saved from a search, using the new treemap viz picker in 6.4.
  2. I am trying to build a treemap with resource consumption on the tiles. Server make on one axis and server sub-type/number of cores on the other axis of the treemap.

So, initially on the treemap, I have a hierarchical view of different server makes, partitioned by different sub-types as expected. So, if the end user clicks on a server, the treemap zooms and displays the slices/partitions by sub-types depending on resource usage as expected. So this is awesome.

Now, when the user clicks on a sub-type, I want to ideally refresh the treemap to display workload characterization for that sub-type (the data comes from a different search that takes the server make and sub-type selected by the user as inputs). If the same treemap can't be refreshed, then a chart beside it that displays the appropriate workload characterization for the server make and server sub-type selected by the user.

Hope this helps to add some more clarity to my ask. Thanks for getting back and trying to help me on this problem.
