Solved: Enable or disable drilldown based on time range

sanjeev543 · ‎12-02-2019

Hi,

Is it possible to apply the drill down only when the selected time rage is met?
For example, I would like to enable the drill down only if I am selecting more than 7 days ago to in dashboard

kamlesh_vaghela · ‎12-03-2019

@sanjeev543

Can you please try this? I have used search for getting count from search with particular condition. You can find it in below XML.

<form>
  <label>Test </label>
  <search>
    <query>
      | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) | where day>=7 
    </query>
    <earliest>$earliest$</earliest>
    <latest>$latest$</latest>
    <done>
      <set token="jobcount">$job.resultCount$</set>
    </done>
  </search>
  <fieldset submitButton="false">
    <input type="time">
      <label></label>
      <default>
        <earliest>-48h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>$jobcount$ $drilldown_called$</title>
      <table>
        <search>
          <query> | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) </query>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <condition match="$jobcount$ != &quot;0&quot;">
            <set token="drilldown_called">True</set>
            <!-- KEEP DRILLDOWN LOGC HERE -->
          </condition>
          <condition>
            <unset token="drilldown_called"></unset>
            <!-- SKIP DRILL DOWN BY KEEPING BLANK -->
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
</form>

Thanks

View solution in original post

kamlesh_vaghela · ‎12-03-2019

@sanjeev543

Can you please try this? I have used search for getting count from search with particular condition. You can find it in below XML.

<form>
  <label>Test </label>
  <search>
    <query>
      | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) | where day>=7 
    </query>
    <earliest>$earliest$</earliest>
    <latest>$latest$</latest>
    <done>
      <set token="jobcount">$job.resultCount$</set>
    </done>
  </search>
  <fieldset submitButton="false">
    <input type="time">
      <label></label>
      <default>
        <earliest>-48h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>$jobcount$ $drilldown_called$</title>
      <table>
        <search>
          <query> | makeresults | addinfo | eval diff=info_max_time - info_min_time, day=round(diff/60/60/24,0) </query>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <condition match="$jobcount$ != &quot;0&quot;">
            <set token="drilldown_called">True</set>
            <!-- KEEP DRILLDOWN LOGC HERE -->
          </condition>
          <condition>
            <unset token="drilldown_called"></unset>
            <!-- SKIP DRILL DOWN BY KEEPING BLANK -->
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
</form>

Thanks

Enable or disable drilldown based on time range

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

Enable or disable drilldown based on time range

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard