Hi All,
I am working on the dashboard which makes use of trellis layout. Below is the query I am using :
index="_internal" sourcetype="test" source="*test.log*"
| rename host as ipaddress
| join ipaddress
[ |inputlookup activemachines.csv
| fields ipaddress]
| stats dc(ipaddress) as instances_sentinel_installed
| appendcols
[ |inputlookup activemachines.csv
| stats count(ipaddress) as total_machines ]
| eval Percent=round((instances_sentinel_installed/total_machines)*100,2)
| rename total_machines as "Total Active Machines" instances_sentinel_installed as "Instances with Sentinel Installed"
| table "Total Active Machines" "Instances with Sentinel Installed" Percent
The trellis layout looks like I have shared in screenshot.
2129 is "Total Active Machines"
502 is "Instances with Sentinel Installed"
24 is Percentage
I have to use field name on click of the trellis. ex : If I click on 2129 I should get this "Total Active Machines" fieldname and this one I am using in the custom link.
I tried this and few more like click.name, click.name2, click.value and so.
<drilldown>
<set token="tokName">$trellis.value$</set>
<link target="_blank">search?asdasdasd$tokName$&earliest=-60m%40m&latest=now</link>
</drilldown>
With trellis.value, I am getting field value i.e 2129 but I want fieldname.
Please anyone help me on this. I appreciate your response.
Thanks in advance,
NVP
