Solved: Dynamic drilldown in column chart to store earlies...

dorlevy88 · ‎07-15-2014

When trying to drill down from a column chart to a different, I want to get the earliest and latest time of the column itself and store it in a token.

    <drilldown>
      <set token="drillTimeEarly">$earliest$</set>
      <set token="drillTimeLatest">$latest$</set>
    </drilldown>

In the past i was able to get the appropriate time of the column i clicked on, but now I get the earliest/latest of the search itself.

Does anyone have any idea why it happens?

the search string is - host="DV-LB01" | bucket _time span=$span$ | chart count by _time

Any help will be helpful.

Thanks,
Dor Levy

dorlevy88 · ‎07-31-2014

Fixed - The only way to get a bar ealiest and latest is if it is a timechart.

changed the search from -
host="DV-LB01" | bucket _time span=$span$ | chart count by _time

to-
host="DV-LB01" | timechart span=$span$ count

Hope it helps,
Dor Levy

View solution in original post

dorlevy88 · ‎07-31-2014

Fixed - The only way to get a bar ealiest and latest is if it is a timechart.

changed the search from -
host="DV-LB01" | bucket _time span=$span$ | chart count by _time

to-
host="DV-LB01" | timechart span=$span$ count

Hope it helps,
Dor Levy

Dynamic drilldown in column chart to store earliest and latest time in a token

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

Dynamic drilldown in column chart to store earliest and latest time in a token

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine