Re: Drilldown chart - How to rename $click.value2...

kavyaka03 · ‎12-10-2019

For the below query when I click on the graph, it should drill down based on the severity condition.

if $click.value2$ is CRITICAL(Ambari) then i want to rename the filed as CRITICAL
if $click.value2$ is MAJOR(Ambari) then i want to rename the filed as MAJOR
if $click.value2$ is MINOR(Ambari) then i want to rename the filed as MINOR
if $click.value2$ is CRITICAL(infra) then i want to rename the filed as CRITICAL
if $click.value2$ is MAJOR(infra) then i want to rename the filed as MAJOR
if $click.value2$ is MINOR(infra) then i want to rename the filed as MINOR

so the SEVERITY will be updated as CRITICAL or MINOR or MAJOR

DRILLDOWN QUERY:

index=alrsm sourcetype=source APPLICATION=Hadoop OR APPLICATION=Unix MANAGER_NAME=prdehdp*
SEVERITY=CRITICAL
| eval SEV=case(APPLICATION="Hadoop" AND SEVERITY="CRITICAL", "CRITICAL(Ambari)",
APPLICATION="Hadoop" AND SEVERITY="MINOR", "MINOR(Ambari)",
APPLICATION="Hadoop" AND SEVERITY="MAJOR", "MAJOR(Ambari)",
APPLICATION="Unix" AND SEVERITY="CRITICAL", "CRITICAL(Infra)",
APPLICATION="Unix" AND SEVERITY="MINOR", "MINOR(Infra)",
APPLICATION="Unix" AND SEVERITY="MAJOR", "MAJOR(Infra)")

|rename NETWORKELEMENTCODE as SERVER_NAME, AMONAME as SHORT_DESCRIPTION, SEV as SEVERITY | stats COUNT by SERVER_NAME SHORT_DESCRIPTION DESCRIPTION SEVERITY

aberkow · ‎12-10-2019

There might be a more complex answer that works too, but have you considered just splitting severity and classification into two things? Severity = MINOR, Classification = AMBARI? Then, when you click it, you don't have to worry about this.

kavyaka03 · ‎12-11-2019

Can we rename the $click.value2$ based on the condition of the clicked value ?

vnravikumar · ‎12-11-2019

Hi

If possible, can you post your xml code?

Drilldown chart - How to rename $click.value2$ based on the conditions

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life