- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Help on Dynamic Dashboard Drilldown
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help on Dynamic Dashboard Drilldown
Hi, in my dashboard I use the search below:
[| inputlookup host.csv
| table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process"
| bucket _time span=3m
| where process_cpu_used_percent>80
| dedup host process_name
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| search SITE=$tok_filtersite|s$
| stats count(process_name) as Total by host
| sort -Total limit=10
When I click on the result panel, I open a drilldown
The code of the drilldown is :
[| inputlookup host.csv
| table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process"
| bucket _time span=3m
| where process_cpu_used_percent>80
| dedup host process_name
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE COUNTRY TOWN ROOM | eval time = strftime(_time, "%m/%d/%Y %H:%M")
| stats latest(time) as time values(COUNTRY) as COUNTRY, values(TOWN) as TOWN, values(SITE) as SITE, values(ROOM) as ROOM, count(process_name) as Total by host
| sort -Total
I need to update automatically the data in my drilldown from the data filtered on the main dashboard
It means that I need to retrieve the fields SITE already used in the main dashboard
How to do this?
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is anybody cant help me please??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the advanced parameter of the dashboard source, I have done :
SITE = $tok_filtersite|s$
And in the destination dashboard (drilldown), I have done :
| where SITE=$SITE$
It seems to work except when I choose * in the dropdown list instead a specific SITE
In this case, when I click on the dashboard source, I have an empty result in the dashboard destination......
What is the problem please??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is anybody for helping me please?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jip31,
If you wish to display the same event(result) from panel query and drill-down query. Then i believe, you need to add below filter in drill-down query ..
correct me if i misunderstand your requirement..
| search SITE=$tok_filtersite|s$
Thanks ..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried this but when I m doing this in my drill I have the message : the search is waiting for entries
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to my mind there is something to do in advanced parameters but i dont succeed
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
