Solved: Dynamic drilldown in column chart to store earlies...

dorlevy88 · ‎07-15-2014

When trying to drill down from a column chart to a different, I want to get the earliest and latest time of the column itself and store it in a token.

    <drilldown>
      <set token="drillTimeEarly">$earliest$</set>
      <set token="drillTimeLatest">$latest$</set>
    </drilldown>

In the past i was able to get the appropriate time of the column i clicked on, but now I get the earliest/latest of the search itself.

Does anyone have any idea why it happens?

the search string is - host="DV-LB01" | bucket _time span=$span$ | chart count by _time

Any help will be helpful.

Thanks,
Dor Levy

dorlevy88 · ‎07-31-2014

Fixed - The only way to get a bar ealiest and latest is if it is a timechart.

changed the search from -
host="DV-LB01" | bucket _time span=$span$ | chart count by _time

to-
host="DV-LB01" | timechart span=$span$ count

Hope it helps,
Dor Levy

View solution in original post

dorlevy88 · ‎07-31-2014

Fixed - The only way to get a bar ealiest and latest is if it is a timechart.

changed the search from -
host="DV-LB01" | bucket _time span=$span$ | chart count by _time

to-
host="DV-LB01" | timechart span=$span$ count

Hope it helps,
Dor Levy

Dynamic drilldown in column chart to store earliest and latest time in a token

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

Dynamic drilldown in column chart to store earliest and latest time in a token

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25