How to create a table that, when I click on a valu...

rubeniturrieta · ‎11-04-2015

Hi to everyone

I need a dashboard with a table and a chart:

1) In the table, a list with a count for dest_ip from Cisco ASA,

2) When I click an ip, I need a pie chart in the same dashboard, without reload, with top src_ip.

How can I do this?

I'll be thankful for any help

Best regards

NOUMSSI · ‎01-11-2016

Try this and change queries

<form>
  <label>In-Page Drilldown with Perma-linking</label>
  <fieldset submitButton="false">
    <!--
            Create an input to store the drilldown value. It will be hidden using custom javascript when
            the dashboard is loaded.
         -->
    <input type="text" token="sourcetype" searchWhenChanged="true"></input>
  </fieldset>
  <row>
    <table id="master">
      <title>Master</title>
      <searchString>index=_internal | stats count by sourcetype</searchString>
      <earliestTime>-60m@m</earliestTime>
      <latestTime>now</latestTime>
      <!-- Set the type of of drilldown, since we will always consume the same field, use row-->
      <option name="drilldown">row</option>
      <drilldown>
        <!-- Use set to specify the new token to be created.
                     Use any token from the page or from the click event to produce the value needed. -->
        <set token="sourcetype">$row.sourcetype$</set>
        <!-- If we also set the form.sourcetype the input will get updated too -->
        <set token="form.sourcetype">$row.sourcetype$</set>
      </drilldown>
    </table>
  </row>
  <row>
    <!-- depends is the way we tell the content to only show when the token has a value.
             Hint: use comma separated values if the element requires more than one token. -->
    <chart id="detail" depends="$sourcetype$">
      <title>Detail: $sourcetype$</title>
      <search>
        <query>index=_internal sourcetype=$sourcetype$ | timechart count</query>
        <earliest>-60m@m</earliest>
        <latest>now</latest>
      </search>
      <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
      <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
      <option name="charting.axisTitleX.visibility">visible</option>
      <option name="charting.axisTitleY.visibility">visible</option>
      <option name="charting.axisTitleY2.visibility">visible</option>
      <option name="charting.axisX.scale">linear</option>
      <option name="charting.axisY.scale">linear</option>
      <option name="charting.axisY2.enabled">0</option>
      <option name="charting.axisY2.scale">inherit</option>
      <option name="charting.chart">pie</option>
      <option name="charting.chart.bubbleMaximumSize">50</option>
      <option name="charting.chart.bubbleMinimumSize">10</option>
      <option name="charting.chart.bubbleSizeBy">area</option>
      <option name="charting.chart.nullValueMode">gaps</option>
      <option name="charting.chart.showDataLabels">none</option>
      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
      <option name="charting.chart.stackMode">default</option>
      <option name="charting.chart.style">shiny</option>
      <option name="charting.drilldown">all</option>
      <option name="charting.layout.splitSeries">0</option>
      <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
      <option name="charting.legend.placement">right</option>
    </chart>
  </row>
</form>

How to create a table that, when I click on a value, drills down to a pie chart in the same dashboard?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor