All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Timeline - Custom Visualization: How to set up tokens and control the drilldown behavior for cells, rows, and the legend?

snoobzilla
Builder
‎11-17-2016 09:12 AM

Getting some great use out of this visualization. Trying to figure out options/tokens and to control drilldown...

How can get row label as token value when I click on row label?
How can get legend as token value when I click on legend?
How do turn on/off drilldown for cell/row/legend?

Do you have any additional documentation?

What I have figured out so far...

click.name and click.name2 appear to be _time
row.field works from data points only on first field in results only so far

e.g. where end of search is this

| table _time inc_number TYPE
This works
        <drilldown target="_blank">
          <link>https://mylink&amp;sysparm_mi=$row.inc_number$</link>
        </drilldown>
This doesn't pick up TYPE
        <drilldown target="_blank">
          <link>https://mylink&amp;sysparm_mi=$row.TYPE$</link>
        </drilldown>

Thanks in advance for assistance.

Ian

Reply

davpx
Communicator
‎11-17-2016 09:49 AM

Take a look here. You might be after click.value

http://docs.splunk.com/Documentation/Splunk/6.5.0/Viz/tokens#Predefined_tokens_for_dynamic_drilldown

0 Karma
Reply

snoobzilla
Builder
‎11-17-2016 10:15 AM

Thanks, I had checked that but not mentions above...
click.name and click.name2 both give literal "_time"
click.value and click.value2 both give epoch time

0 Karma
Reply

davpx
Communicator
‎11-17-2016 10:58 AM

That doesn't sound correct. With the search logic provided, here's how I've seen the tokens come out testing on my side.

click.name = "_time" (leftmost column name)
click.name2 = {{column label of the cell clicked}}
click.value = {{numeric (epoch) value of _time column}}
click.value2 = {{value of cell clicked}}
row._time = {{human readable _time of row clicked}}
row.inc_number = {{value of inc_number for row clicked}}
row.TYPE = {{value of TYPE for row clicked}}

0 Karma
Reply

snoobzilla
Builder
‎11-18-2016 05:21 AM

I was asking specifically about the Timeline - Custom Visualization. Are you testing from that visualization?

https://splunkbase.splunk.com/app/3120/

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...