Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Advanced charting drilldown onclick

pinzer
Path Finder
‎11-02-2010 09:05 AM

Hi all i'm trying to do an advanced view that onclick on the parameter "IP" of a pie chart open a flashtimeline adding the search "IP=the_clicked_value" but it doesnt work because on click it's added also the parameter "count" How can i do this? thanks 

<view refresh="1000" template="dashboard.html"> 
  <label>View Fede</label> 
  <module name="AccountBar" layoutPanel="navigationHeader"/> 
  <module name="AppBar" layoutPanel="navigationHeader"/> 
  <module name="HiddenSearch" layoutPanel="panel_row3_col1" autoRun="True"> 
    <param name="search">sourcetype="webseal_access" OR sourcetype="wmi:wineventlog:security" OR sourcetype="opsec" OR sourcetype="oracle_audit_*"| eval IP=case(sourcetype=="webseal_access", IP_Source, sourcetype=="wmi:wineventlog:security", Source_Network_Address, sourcetype="opsec", src_ip, sourcetype="oracle_audit_*", host_client) | search [search eventtype="searchIPS2" Direction="Inbound" Severity="Medium"  DestinationIP=* | fields DestinationIP | rename DestinationIP as IP | dedup IP] | stats count by IP | sort count desc</param> 
    <param name="earliest">1279576800</param> 
    <param name="latest">1279663200</param> 
    <module name="HiddenChartFormatter"> 
      <param name="charting.chart">pie</param> 
      <module name="JobProgressIndicator"/> 
      <!-- here's the FlashChart that we'll click on --> 
      <module name="FlashChart"> 
        <param name="width">100%</param> 
        <param name="height">360px</param> 
        <!-- we swap out the search to be a timechart.
--> 
        <module name="HiddenSearch"> 
          <param name="search">search eventtype="searchIPS2" Direction="Inbound" Severity="Medium" </param> 
          <param name="earliest">1279576800</param> 
          <param name="latest">1279663200</param> 
          <module name="ConvertToIntention"> 
            <param name="intention"> 
              <param name="name">addterm</param> 
              <param name="arg"> 
                <param name="IP">$click.value$</param> 
              </param> 
            </param> 
            <module name="ConvertToDrilldownSearch"> 
              <module name="ViewRedirector"> 
                <param name="viewTarget">flashtimeline</param>  
              </module> 
            </module> 
          </module> 
        </module> 
      </module> 
    </module> 
  </module>
</view>
0 Karma
Reply

thall79
Communicator
‎11-03-2010 08:11 PM

Looking at the XML I was able to duplicate that problem where count="10" would show up in the search bar after my $click.value$ when redirecting to a flashtimeline view.

So what I did to resolve this was remove

  <module name="ConvertToDrilldownSearch">

before the ViewRedirector and don't forget to remove the 

   </module>

that goes along with it so you can save it. Hopefully this helps.

travis.

Reply

sideview
SplunkTrust
SplunkTrust
‎11-17-2010 11:23 PM

That's correct. The XML posted is doing a combination of what is called 'generic drilldown' using the ConvertToDrilldownSearch module, and also 'Custom wired drilldown' using the ConvertToIntention module. See the "UI Examples for 4.1" app on splunkbase, specifically "Advanced XML > Drilldown Intro" that has examples that talk about this.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...