Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Add drilldown and get fieldname from trellis layout in splunk?

Poojitha
Path Finder
‎02-27-2023 08:13 AM

Hi All,

I am working on the dashboard which makes use of trellis layout. Below is the query I am using :

 

 

index="_internal" sourcetype="test" source="*test.log*" 
| rename host as ipaddress
| join ipaddress
[ |inputlookup activemachines.csv
| fields ipaddress]
| stats dc(ipaddress) as instances_sentinel_installed
| appendcols
[ |inputlookup activemachines.csv
| stats count(ipaddress) as total_machines ]
| eval Percent=round((instances_sentinel_installed/total_machines)*100,2)
| rename total_machines as "Total Active Machines" instances_sentinel_installed as "Instances with Sentinel Installed"
| table "Total Active Machines" "Instances with Sentinel Installed" Percent

 

 


The trellis layout looks like I have shared in screenshot.
2129 is "Total Active Machines"
502 is "Instances with Sentinel Installed"
24 is Percentage

I have to use field name on click of the trellis. ex : If I click on 2129 I should get this "Total Active Machines" fieldname and this one I am using in the custom link.

I tried this and few more like click.name, click.name2, click.value and so.
<drilldown>
<set token="tokName">$trellis.value$</set>
<link target="_blank">search?asdasdasd$tokName$&amp;earliest=-60m%40m&amp;latest=now</link>
</drilldown>
With trellis.value, I am getting field value i.e 2129 but I want fieldname.

Please anyone help me on this. I appreciate your response.

Thanks in advance,
NVP

Labels (5)
Preview file
63 KB
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎02-27-2023 02:38 PM

Use $trellis.name$ for name and value for value.

https://docs.splunk.com/Documentation/Splunk/9.0.2/Viz/VisualizationTrellis#Predefined_tokens_for_tr...

 

0 Karma
Reply

Poojitha
Path Finder
‎02-27-2023 10:06 PM

I tried that still not getting fieldname , instead am getting  as "result "

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎02-27-2023 11:34 PM

Mmm, I am also having some strange results with trellis tokens...

I am not a big fan of trellis - I prefer using Chris Younger's number viz, which does trellis on its own and is really customisable.

https://splunkbase.splunk.com/app/4537

 

0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...