Solved: Enable or disable drilldown based on time range

sanjeev543 · ‎12-02-2019

Hi,

Is it possible to apply the drill down only when the selected time rage is met?
For example, I would like to enable the drill down only if I am selecting more than 7 days ago to in dashboard

kamlesh_vaghela · ‎12-03-2019

@sanjeev543

Can you please try this? I have used search for getting count from search with particular condition. You can find it in below XML.

<form>
  <label>Test </label>
  <search>
    <query>
      | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) | where day>=7 
    </query>
    <earliest>$earliest$</earliest>
    <latest>$latest$</latest>
    <done>
      <set token="jobcount">$job.resultCount$</set>
    </done>
  </search>
  <fieldset submitButton="false">
    <input type="time">
      <label></label>
      <default>
        <earliest>-48h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>$jobcount$ $drilldown_called$</title>
      <table>
        <search>
          <query> | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) </query>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <condition match="$jobcount$ != &quot;0&quot;">
            <set token="drilldown_called">True</set>
            <!-- KEEP DRILLDOWN LOGC HERE -->
          </condition>
          <condition>
            <unset token="drilldown_called"></unset>
            <!-- SKIP DRILL DOWN BY KEEPING BLANK -->
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
</form>

Thanks

View solution in original post

kamlesh_vaghela · ‎12-03-2019

@sanjeev543

Can you please try this? I have used search for getting count from search with particular condition. You can find it in below XML.

<form>
  <label>Test </label>
  <search>
    <query>
      | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) | where day>=7 
    </query>
    <earliest>$earliest$</earliest>
    <latest>$latest$</latest>
    <done>
      <set token="jobcount">$job.resultCount$</set>
    </done>
  </search>
  <fieldset submitButton="false">
    <input type="time">
      <label></label>
      <default>
        <earliest>-48h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>$jobcount$ $drilldown_called$</title>
      <table>
        <search>
          <query> | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) </query>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <condition match="$jobcount$ != &quot;0&quot;">
            <set token="drilldown_called">True</set>
            <!-- KEEP DRILLDOWN LOGC HERE -->
          </condition>
          <condition>
            <unset token="drilldown_called"></unset>
            <!-- SKIP DRILL DOWN BY KEEPING BLANK -->
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
</form>

Thanks

Enable or disable drilldown based on time range

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Enable or disable drilldown based on time range

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!