Re: Cell Based Drill Down

jason_hotchkiss · ‎09-09-2022

Hello -

I have a table with several columns:

Host	Src IP	Dest IP	Src Port	Dest Port
myHost	10.0.0.1	10.0.0.2	50000	80

I would like to have cell based drills downs. For example, Host would drill down into a dashboard called host_detail.xml, the rest of the columns would fill the value of the clicked cell to the appropriate filter token.
The tokens are called src_ip_tok, dest_ip_tok, src_port_tok, and dest_port_tok.

How would I accomplish this?

Thank you.

richgalloway · ‎09-09-2022

What you describe is row-based drilldown, not cell-based. In cell-based drilldown, each cell in a row has a different drilldown destination, but here the cells are just arguments to a shared drilldown.

In the drilldown definition, specify the arguments using the format $row.<<column>>$.

$row.Host$ $row.Src IP$ $row.Dest IP$ $row.Src Port$ $row.Dest Port$

Note that column names are used rather than token names.

---
If this reply helps you, Karma would be appreciated.

jason_hotchkiss · ‎09-09-2022

Thank you, regarding this:

each cell in a row has a different drilldown destination

What would the XML look like if each cell had a different drilldown destination?

richgalloway · ‎09-09-2022

I could try to explain it, but I think this answer does it better than I could. https://community.splunk.com/t5/Splunk-Search/How-to-set-a-different-drilldown-for-each-cell-in-a-ta...

---
If this reply helps you, Karma would be appreciated.

How to accomplish a cell based drill down?

chart

drilldown

simple XML

token

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...