Solved: Re: How to set up a drilldown within a timechart t...

KindaWorking · ‎01-11-2015

I am a splunk/drill down and eval newbie. And I have a quick question.

I would like to have a drill down set up in a dashboard so I can click on a date in a timechart and have another panel lower down in the same dashboard update to show data from the date that I clicked on.

Currently I can pass through the $click.value$ through to a date picker but that will only pass through the earliest. For instance

<drilldown>
          <set token="timefield.earliest">$click.value$</set>
          <set token="form.timefield.earliest">$click.value$</set>
</drilldown>

How do I make it set the timefield.latest as well? I feel like I am missing something really obvious.

The only solution I could think of was to make an eval query and use that, but being a noobie to that I cannot get that to quite work yet either. Also this would not be ideal as the amount of time I want to look at varies depending on the time period I am looking at.

Example of the Eval I was trying to use

|eval $form.placeholder$=timetestearliest+timetest

Thanks

ramdaspr · ‎02-02-2015

Drilldown has earliest and latest properties which you can use directly

<drilldown>
           <set token="tok_ear">$earliest$</set>
           <set token="tok_lat">$latest$</set>
 </drilldown>

View solution in original post

ramdaspr · ‎02-02-2015

Drilldown has earliest and latest properties which you can use directly

<drilldown>
           <set token="tok_ear">$earliest$</set>
           <set token="tok_lat">$latest$</set>
 </drilldown>

KindaWorking · ‎02-03-2015

Thanks ramdaspr. That is exactly what I was after.

How to set up a drilldown within a timechart to search over the selected time and output the data in another panel below?

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM