Solved: How to setup dashboard drilldown so clicked value ...

jeffreyjewitt · ‎09-04-2014

Hi:

I will admit to getting confused with the advanced simple XML dashboarding.
I currently has a simple 3 form (1 textbox, 1 dropdown and time picker) dashboard that populates a table with data. You can then click on a value in the data, and the results will redirect you to the search app, fill in a query and start searching.
What I would love to have is that same 3 form simple dashboard, but have the results from clicking on a value in the data return below the table, not in a separate page or app.
I believe that this is possible, as it seems to be done by the splunk sos app (drop down for what splunk server to query, and a time picker), and below is a splunk search driven by data selected from a list box. I was looking at the source xml for the SOS app, and getting totally confused as to how it was working.

I've been looking at the documentation for the splunk dashboard_examples app, but it doesn't seem to show that usage case.

Does anyone have any idea if what I want to do is possible, and any tips as to how to go about achieving this?

Thanks for any assistance you could provide

-Jeff

Below is the current dashboard:

<form >

<label >Blah</label >

<fieldset >

    <input type="text" token="memberID" > 

        <label >MemberID</label > 

        <default >*</default > 

        <seed >*</seed > 

    </input >

    <input type="dropdown" token="transactionType" >

        <label >Select a Transaction Type</label >

        <choice value="*" >Any</choice >

    </input >

    <input type="time" token="dashboardTime" searchWhenChanged="true" >

        <label >Timeframe</label >

        <default >

            <earliestTime >@d</earliestTime >

            <latestTime >now</latestTime >

        </default >

    </input >

</fieldset >

<searchTemplate > 

    <seaerch > | stats count(transferID) by transferID | fields transferID

</searchTemplate >

<row >   

    <!-- show results as a table -- >

    <table >

        <option name="showPager" >true</option >

        <option name="count" >20</option >

        <option name="drilldown" >all</option >

            <drilldown >

            <link target="_blank" >

                <![CDATA[/app/search/flashtimeline?q=search%20h<search > $click.value$ earliest="$earliest$" latest="$latest$"]] >

            </link >

        </drilldown >

        <option name="drilldown" >row</option >

    </table >      

</row >

   </form >

akazarov · ‎09-23-2014

Yes this is possible.
1. Upgrade to splunk 6.1.3
2. Install Application "Splunk 6.x Dashboard Examples" (download archive and install in your instance)
3. Check "Contextual Drilldown (In-page)" example. It is pretty simple.

View solution in original post

ygkr · ‎01-23-2017

@akazarov

I saw that example but in my case I need to pass two token values as depends.

with one token its working but its not working for multiple token can u plz help in passing the multiple tokens.

akazarov · ‎09-23-2014

Yes this is possible.
1. Upgrade to splunk 6.1.3
2. Install Application "Splunk 6.x Dashboard Examples" (download archive and install in your instance)
3. Check "Contextual Drilldown (In-page)" example. It is pretty simple.

pradeepkumarg · ‎09-04-2014

You can try

Sideviewutils - Gate module to achieve same page drill down

http://sideviewapps.com/apps/sideview-utils/

OR

If you are running Splunk 6.x you can make use of web framework to develop interactive views.

You can download Web Framework Tool Kit examples from apps.splunk.com

http://apps.splunk.com/app/1613/

How to setup dashboard drilldown so clicked value in table will return results on the same page?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms