All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Timeline - Custom Visualization: How to set up tokens and control the drilldown behavior for cells, rows, and the legend?

snoobzilla
Builder
‎11-17-2016 09:12 AM

Getting some great use out of this visualization. Trying to figure out options/tokens and to control drilldown...

How can get row label as token value when I click on row label?
How can get legend as token value when I click on legend?
How do turn on/off drilldown for cell/row/legend?

Do you have any additional documentation?

What I have figured out so far...

click.name and click.name2 appear to be _time
row.field works from data points only on first field in results only so far

e.g. where end of search is this

| table _time inc_number TYPE
This works
        <drilldown target="_blank">
          <link>https://mylink&amp;sysparm_mi=$row.inc_number$</link>
        </drilldown>
This doesn't pick up TYPE
        <drilldown target="_blank">
          <link>https://mylink&amp;sysparm_mi=$row.TYPE$</link>
        </drilldown>

Thanks in advance for assistance.

Ian

Reply

davpx
Communicator
‎11-17-2016 09:49 AM

Take a look here. You might be after click.value

http://docs.splunk.com/Documentation/Splunk/6.5.0/Viz/tokens#Predefined_tokens_for_dynamic_drilldown

0 Karma
Reply

snoobzilla
Builder
‎11-17-2016 10:15 AM

Thanks, I had checked that but not mentions above...
click.name and click.name2 both give literal "_time"
click.value and click.value2 both give epoch time

0 Karma
Reply

davpx
Communicator
‎11-17-2016 10:58 AM

That doesn't sound correct. With the search logic provided, here's how I've seen the tokens come out testing on my side.

click.name = "_time" (leftmost column name)
click.name2 = {{column label of the cell clicked}}
click.value = {{numeric (epoch) value of _time column}}
click.value2 = {{value of cell clicked}}
row._time = {{human readable _time of row clicked}}
row.inc_number = {{value of inc_number for row clicked}}
row.TYPE = {{value of TYPE for row clicked}}

0 Karma
Reply

snoobzilla
Builder
‎11-18-2016 05:21 AM

I was asking specifically about the Timeline - Custom Visualization. Are you testing from that visualization?

https://splunkbase.splunk.com/app/3120/

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...