How to create contextual drilldown from table to t...

giovere · ‎09-16-2016

I'm trying to make a dashboard, so far I have a table which derived from multisearch, because set of fields is different:

| multisearch [search index=x host=y | eval name="A"]
[search index=x host=y | eval name="B"]
[search index=z host=u | eval name="C"]
[search index=w host=l | eval name="D"]
[search index=f host=p | eval name="E"] | stats count by name

Ideally I'd like to have contextual drilldown which would generate a timechart depending on the selected row.
For example if Name D is selected following timechart should be displayed:

search index=w host=l | eval name="D" | timechart count

What is the best way to approach it, if it is doable at all?
Thanks in advance

somesoni2 · ‎09-16-2016

Since, the field name is a custom eval field, a direct drilldown will not be available. You'd need to setup custom drilldown search based on the name value clicked.

<table>
....
<drilldown>
    <eval token="index">case("$click.value2$"="B","x","$click.value2$"="C","z","$click.value2$"="D","w","$click.value2$"="E","f")</eval>
    <eval token="host">case("$click.value2$"="B","y","$click.value2$"="C","u","$click.value2$"="D","l","$click.value2$"="E","p")</eval>
</drilldown>
</table>
</row>
<row>
<panel depends="$index$">
<chart>
....
<search>
    <query>index=$index$ host=$host$ | timechart count</query>
.....
...

giovere · ‎09-17-2016

Thanks for the answer, apparently I'm missing something, when I click on cell it does not trigger anything. Maybe I should make something like: "set token", are you sure about syntax with $click.value2$, what is 2 at the end doing?

How to create contextual drilldown from table to timechart with different searches?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor