Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: In a dashboard with a custom drilldown, how wo...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damucka
Builder
11-14-2018
03:05 AM
Hello,
In my dashboard, I need to define the custom drilldown where I would like to transport the _time, which is in the first column of my panel table. For that I need to have earliest and latest defined, where latest would be = earliest+1ms (at least that is how the Auto drilldown option gets it).
How would I do it?
My custom drilldown search looks as follows at the moment:
index=mlbso sourcetype=*_transports source="*$sourcesid$*.$targetsid$" transport_exitcode=8 earliest=$click.value$ latest=???
Please adise.
Kind Regards,
Kamil
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmaron
Motivator
11-14-2018
08:15 AM
You should be able to do an eval to add the time.
<drilldown>
<eval token="latesttime">$click.value$+1ms</eval>
<link>index=mlbso sourcetype=*_transports source="*$sourcesid$*.$targetsid$" transport_exitcode=8 earliest=$click.value$ latest=$latesttime$</link>
</drilldown>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmaron
Motivator
11-14-2018
08:15 AM
You should be able to do an eval to add the time.
<drilldown>
<eval token="latesttime">$click.value$+1ms</eval>
<link>index=mlbso sourcetype=*_transports source="*$sourcesid$*.$targetsid$" transport_exitcode=8 earliest=$click.value$ latest=$latesttime$</link>
</drilldown>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damucka
Builder
11-15-2018
12:55 AM
Thank you.
It worked with
<eval token="latesttime">$click.value$+1ms</eval>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damucka
Builder
11-15-2018
12:56 AM
$click.value$+0.001
Get Updates on the Splunk Community!
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
Splunk Observability for AI
Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...
🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler
From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0
mTLS wasn’t just a checkbox ...
