Splunk newbie here, I have been testing it for a few days already. I can now create searches and dashboards based on saved searches. However, I am having trouble in making 'drill down' to work. I would like a drill down to happen whenever I click in a particular value in a cell. When a user clicks on a cell item say 'Account1' I would like another search performed and the results displayed on the same page.
Any examples will be highly appreciated
I have gone through the documentation but I cant seem to apply it to my examples. My search is based on an sql query. ie.
<dashboard> <label>Account Performance</label> <row> <panel> <table> <search> <query>| dbquery AdWordsROI limit=1000 "select * from account_performance" |eval Cost="$".round(Cost/1000000,2) |eval CostPerConversion="$".round(CostPerConversion/1000000,2) |eval AverageCPC="$".round(AverageCPC/1000000,2) |eval AveragePosition=round(AveragePosition,2) |convert timeformat="%d-%m-%y" ctime(Day)</query> <earliest></earliest> <latest></latest> </search> </table> </panel> </row> </dashboard>
I would like to have an item in a cell clicked on and have it perform another sql search and have the results displayed either on a seperate dashboard or on the same dashboard below the previous table
Just want to make sure I understand. By default, each cell in a table is a clickable value, which will run a refined search using that value. So, for example, if my search is
index=_internal introspection | top 10 max_age and one of my result rows has a cell that shows a maxage value of 17, if I click the 17, then Splunk will run the following search: `index=internal introspection max_age=17`
Are you asking how to click an item in a table cell and have it run an entirely new search, using a token that takes the value from that cell? You can use the
click.value token to achieve this, and the basic contextual drilldown example in the docs should show you how.
You can also download the Dashboard Examples app to see live examples of all these simple XML capabilities.