Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Help on Dynamic Dashboard Drilldown

jip31
Motivator
‎06-11-2019 05:26 AM

Hi, in my dashboard I use the search below:

  [| inputlookup host.csv 
        | table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process" 
    | bucket _time span=3m 
    | where process_cpu_used_percent>80 
    | dedup host process_name 
    | lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
    | search SITE=$tok_filtersite|s$ 
    | stats count(process_name) as Total by host
    | sort -Total limit=10

When I click on the result panel, I open a drilldown
The code of the drilldown is :

[| inputlookup host.csv 
    | table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process" 
| bucket _time span=3m 
| where process_cpu_used_percent>80 
| dedup host process_name 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE COUNTRY TOWN ROOM | eval time = strftime(_time, "%m/%d/%Y %H:%M") 
| stats latest(time) as time values(COUNTRY) as COUNTRY, values(TOWN) as TOWN, values(SITE) as SITE, values(ROOM) as ROOM, count(process_name) as Total by host
| sort -Total

I need to update automatically the data in my drilldown from the data filtered on the main dashboard
It means that I need to retrieve the fields SITE already used in the main dashboard
How to do this?
Thank you.

0 Karma
Reply

jip31
Motivator
‎06-11-2019 10:11 PM

is anybody cant help me please??

0 Karma
Reply

jip31
Motivator
‎06-12-2019 12:07 AM

In the advanced parameter of the dashboard source, I have done :
SITE = $tok_filtersite|s$
And in the destination dashboard (drilldown), I have done :
| where SITE=$SITE$
It seems to work except when I choose * in the dropdown list instead a specific SITE
In this case, when I click on the dashboard source, I have an empty result in the dashboard destination......
What is the problem please??

0 Karma
Reply

jip31
Motivator
‎06-16-2019 07:52 AM

Is anybody for helping me please?

0 Karma
Reply

Shan
Builder
‎06-11-2019 05:37 AM

@jip31,

If you wish to display the same event(result) from panel query and drill-down query. Then i believe, you need to add below filter in drill-down query ..
correct me if i misunderstand your requirement..

| search SITE=$tok_filtersite|s$

Thanks ..

0 Karma
Reply

jip31
Motivator
‎06-11-2019 05:53 AM

I tried this but when I m doing this in my drill I have the message : the search is waiting for entries

0 Karma
Reply

jip31
Motivator
‎06-11-2019 10:09 AM

to my mind there is something to do in advanced parameters but i dont succeed

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...