Re: Cell Based Drill Down

jason_hotchkiss · ‎09-09-2022

Hello -

I have a table with several columns:

Host	Src IP	Dest IP	Src Port	Dest Port
myHost	10.0.0.1	10.0.0.2	50000	80

I would like to have cell based drills downs. For example, Host would drill down into a dashboard called host_detail.xml, the rest of the columns would fill the value of the clicked cell to the appropriate filter token.
The tokens are called src_ip_tok, dest_ip_tok, src_port_tok, and dest_port_tok.

How would I accomplish this?

Thank you.

richgalloway · ‎09-09-2022

What you describe is row-based drilldown, not cell-based. In cell-based drilldown, each cell in a row has a different drilldown destination, but here the cells are just arguments to a shared drilldown.

In the drilldown definition, specify the arguments using the format $row.<<column>>$.

$row.Host$ $row.Src IP$ $row.Dest IP$ $row.Src Port$ $row.Dest Port$

Note that column names are used rather than token names.

---
If this reply helps you, Karma would be appreciated.

jason_hotchkiss · ‎09-09-2022

Thank you, regarding this:

each cell in a row has a different drilldown destination

What would the XML look like if each cell had a different drilldown destination?

richgalloway · ‎09-09-2022

I could try to explain it, but I think this answer does it better than I could. https://community.splunk.com/t5/Splunk-Search/How-to-set-a-different-drilldown-for-each-cell-in-a-ta...

---
If this reply helps you, Karma would be appreciated.

How to accomplish a cell based drill down?

chart

drilldown

simple XML

token

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation