Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Data log on dashboard

sonasingh147
New Member
‎07-26-2016 12:59 PM

I currently have a table on my dashboard that filters specific fields from my data log and when you click on a specific field of table it opens the log on a new web page. Is there a way I can open the data log under my table on the dashboard?

0 Karma
Reply

somesoni2
Revered Legend
‎07-26-2016 04:11 PM

What you're speaking of is called "In-page" OR "Contextual" drilldown. The Splunk 6.x Dashboard example app has examples of that under "Drilldown element". https://splunkbase.splunk.com/app/1603/

For your reference, the example code is this (run anywhere code, works on 6.2,6.3,6.4 version

<form>
    <label>In-Page Drilldown with Perma-linking</label>
    <fieldset submitButton="false">
        <!--
            Create an input to store the drilldown value. It will be hidden using custom javascript when
            the dashboard is loaded.
         -->
        <input type="text" token="sourcetype" searchWhenChanged="true"/>
    </fieldset>
    <row>
        <table id="master">
            <title>Master</title>
            <search>
                <query>index=_internal | stats count by sourcetype</query>
                <earliest>-60m@m</earliest>
                <latest>now</latest>
            </search>
            <!-- Set the type of of drilldown, since we will always consume the same field, use row-->
            <option name="drilldown">row</option>
            <drilldown>
                <!-- Use set to specify the new token to be created.
                     Use any token from the page or from the click event to produce the value needed. -->
                <set token="sourcetype">$row.sourcetype$</set>
                <!-- If we also set the form.sourcetype the input will get updated too -->
                <set token="form.sourcetype">$row.sourcetype$</set>
            </drilldown>
        </table>
    </row>
    <row>
        <!-- depends is the way we tell the content to only show when the token has a value.
             Hint: use comma separated values if the element requires more than one token. -->
        <chart id="detail" depends="$sourcetype$">
            <title>Detail: $sourcetype$</title>
            <search>
                <query>index=_internal sourcetype=$sourcetype$ | timechart count</query>
                <earliest>-60m@m</earliest>
                <latest>now</latest>
            </search>
        </chart>
    </row>
</form>
Reply

sundareshr
Legend
‎07-26-2016 04:03 PM

See if this gives you any ideas. Create an events panel to drilldown to

http://docs.splunk.com/Documentation/Splunk/6.4.2/Viz/Dynamicdrilldownindashboardsandforms

Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...