How to edit the XML for my dashboard table drilldo... - Page 2

prisin123 · ‎08-08-2016

Hi,

My team and I are working on a project and we are trying to open data logs within our dashboard. Our current XML code enables us to open the data logs in the dashboard, but it opens all the logs within the server. So given any attribute that we click on the table, all the data logs are displayed instead of just the data log specific to that attribute. Is there a way I can fix that so only the log related to the attribute is displayed? This is the XML source we have so far:

UPDATE
The logs are being displayed but now for example if I click on a specific ConnID all the logs with that same connID is being displayed. Is there a way to write the query such that only the log related to that specific ConnID and Event that's being clicked on is open?

<form>
    <label>Genesys Search Test</label>
    <fieldset submitButton="false" autoRun="true">
        <input type="text" token="tok_ID" searchWhenChanged="true">
            <label>ConnID/CallUUID</label>
            <default>*</default>
        </input>
    </fieldset>
    <row>
        <panel>
            <title>Genesys Server</title>
            <table>
                <title>Avaya Tserver</title>
                <search>
                    <query>index=windowsapps sourcetype=Genesys_AvayaTserver "$tok_ID$" | rex"(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?&lt;EventName&gt;\w+)"| rex"AttributeConnID'?\s'?(?&lt;AttributeConnID&gt;[^\t\n\r]+)"| rex"AttributeANI'?\s'?(?&lt;AttributeANI&gt;[^\t\n\r]+)"| rex"AttributeDNIS'?\s'?(?&lt;AttributeDNIS&gt;[^\t\n]+)"| rex"AttributeCallType'?\s'?(?&lt;AttributeCallType&gt;[^\t\n]+)"|rex"AttributeCallUUID'?\s'?(?&lt;AttributeCallUUID&gt;[^\t\n]+)"|rex"AttributeUserData'?\s'?(?&lt;AttributeUserData&gt;[^\t\n]+)"|table_time EventName AttributeConnID AttributeANI AttributeDNIS AttributeCallType AttributeCallUUID AttributeUserData| where isnotnull(AttributeANI)</query>
                    <earliest>-30d@d</earliest>
                    <latest>now</latest>
                </search>
                <drilldown>
                    <condition>
                        <set token="tok_ShowEvents">true</set>
                        <eval token="e">$click.value$-1</eval >
                        <eval token="l">$click.value$+1</eval >
                        <set token="AttributeConnID">$row.AttributeConnID$</set>
                        <set token="AttributeANI">$row.AttributeANI$</set>
                        <set token="AttributeCallType">$row.AttributeCallType$</set>
                        <set token="AttributeDNIS">$row.AttributeDNIS$</set>
                        <set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
                    </condition>
                </drilldown>
                <option name="wrap">undefined</option>
                <option name="rowNumbers">undefined</option>
                <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
                <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
                <option name="charting.axisTitleX.visibility">visible</option>
                <option name="charting.axisTitleY.visibility">visible</option>
                <option name="charting.axisTitleY2.visibility">visible</option>
                <option name="charting.axisX.scale">linear</option>
                <option name="charting.axisY.scale">linear</option>
                <option name="charting.axisY2.enabled">0</option>
                <option name="charting.axisY2.scale">inherit</option>
                <option name="charting.chart">bubble</option>
                <option name="charting.chart.bubbleMaximumSize">50</option>
                <option name="charting.chart.bubbleMinimumSize">10</option>
                <option name="charting.chart.bubbleSizeBy">area</option>
                <option name="charting.chart.nullValueMode">gaps</option>
                <option name="charting.chart.showDataLabels">none</option>
                <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
                <option name="charting.chart.stackMode">default</option>
                <option name="charting.chart.style">shiny</option>
                <option name="charting.drilldown">all</option>
                <option name="charting.layout.splitSeries">0</option>
                <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
                <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
                <option name="charting.legend.placement">right</option>
                <option name="dataOverlayMode">none</option>
                <option name="drilldown">row</option>
                <option name="count">10</option>
            </table>
        </panel>
    </row>
    <row>
        <panel depends="$tok_ShowEvents$">
            <event>
                <search>
                    <query>index=windowsapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?&lt;EventName&gt;\w+)"| rex "AttributeConnID'?\s'?(?&lt;AttributeConnID&gt;[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?&lt;AttributeANI&gt;[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?&lt;AttributeDNIS&gt;[^\t\n]+)"| rex "AttributeCallType'?\s'?(?&lt;AttributeCallType&gt;[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?&lt;AttributeCallUUID&gt;[^\t\n]+)"| rex "AttributeUserData'?\s'?(?&lt;AttributeUserData&gt;[^\t\n]+)"</query>
                    <earliest></earliest>
                    <latest></latest>
                </search>
            </event>
        </panel>
    </row>
</form>

How to edit the XML for my dashboard table drilldown to only display log data specific to the attribute I click on?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!