Dashboards & Visualizations

How to create a graph to drill down to another graph?

khailz
Explorer

Hi guys,

I'm pretty new to this and was wondering how to create a graph that can drill down to another graph?

Thu, 28 Jan 2016 16:40:45 GMT title="Edwin Tong vs WP" link=http://forums.testing.com/this-isjust-a-tetsing/tong-vs-wp-11111.html description="Mr Tong said: "Now, 
Tags (2)
0 Karma

somesoni2
Revered Legend

See this run anywhere example

<dashboard>
  <label>DrilldownChart</label>
  <row>
    <panel>
      <chart>
        <title>SourceTypeDistribution</title>
        <search>
          <query>index=_internal earliest=-15m | stats count by sourcetype</query>
          <earliest>0</earliest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.legend.placement">right</option>        
        <option name="charting.drilldown">all</option>
        <drilldown>
  <link>
  <![CDATA[

/app/search/search?earliest=$earliest$&latest=$latest$&q=search%20index%3D_internal%20sourcetype%3D$row.sourcetype$%20%7C%20timechart%20count&display.page.search.tab=visualizations&display.general.type=visualizations
  ]]>
  </link>
</drilldown>
      </chart>
    </panel>
  </row>
</dashboard>
0 Karma

khailz
Explorer

Thanks somesoni for your assistance. Though im not sure where to insert it in ? I have created a new dashboard for the code.

Also, separate question:
1. can the patterns be added as a panel?
2. can the below be further broken down into fields for each word ?
alt text
alt text

0 Karma

khailz
Explorer

I guess i went about another route, filtering by title instead.

I'm wondering if its possible to have page 2 display a graph instead of the raw search.

For example: when i click on "tom clancy's the division", it will show another drilled down graph instead of a raw search.

alt text
alt text

0 Karma

somesoni2
Revered Legend

You can set drilldown for the your page1 chart so that it shows/select another graph.

http://docs.splunk.com/Documentation/Splunk/6.3.2/Viz/PanelreferenceforSimplifiedXML#Drilldown_eleme...

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your sample event appears to be in a format Splunk should be parsing automatically into 'title', 'link', and 'description' fields. What are you seeing?

---
If this reply helps you, Karma would be appreciated.
0 Karma

khailz
Explorer

Hi sorry for the late reply. I am seeing 2 columns (Time & Event). Could it be i am using a rss feeder to pull the data that is why its not broken down ?

0 Karma

somesoni2
Revered Legend

What mode are you running your search in (Fast/Smart/Verbose, show just below the time-range picker)? If it's fast try running on Smart/Verbose mode.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...