Hi All,

I am trying to drilldown from a trellis dashboard panel to another dashboard. The trellis dashboard panel is created using  the below query and used the "Single Value" visualization.

... | rex field=_raw "(?ms)]\|(?P<host>\w+\-\w+)\|" | rex field=_raw "(?ms)]\|(?P<host>\w+)\|" | rex field=_raw "\]\,(?P<host>[^\,]+)\," | rex field=_raw "\]\|(?P<host>[^\|]+)\|" | rex field=_raw "(?ms)\|(?P<File_System>(\/\w+){1,5})\|" | rex field=_raw "(?ms)\|(?P<Disk_Usage>\d+)" | rex field=_raw "(?ms)\s(?<Disk_Usage>\d+)%" | rex field=_raw "(?ms)\%\s(?<File_System>\/\w+)" | regex _raw!="^\d+(\.\d+){0,2}\w" | regex _raw!="/apps/tibco/datastore" | rex field=_raw "(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\s\d" | rex field=_raw "\[(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\]" | rex field=_raw "(?ms)\d\s(?<Total>\d+(\.\d+){0,2})\w\s\d" | rex field=_raw "(?ms)G\s(?<Used>\d+(\.\d+){0,2})\w\s\d" | eval Available=(Total-Used) | eval Time_Stamp=strftime(_time, "%b %d, %Y %I:%M:%S %p") 
| lookup Master_List.csv "host"
| search "Tech Stack"=*
| search Region=*
| search Environment=*
| search host=*
| search File_System=*
| search Disk_Usage=*
| stats count count(eval(Disk_Usage>=80)) as issue by host | stats count as Total_Servers count(eval(issue > 0)) as Affected_Servers

The dashboard which is drilled down to, gives the details of the disk usage along with the servers and others. Below query is used to create the dashboard:

... | rex field=_raw "(?ms)]\|(?P<host>\w+\-\w+)\|" | rex field=_raw "(?ms)]\|(?P<host>\w+)\|" | rex field=_raw "\]\,(?P<host>[^\,]+)\," | rex field=_raw "\]\|(?P<host>[^\|]+)\|" | rex field=_raw "(?ms)\|(?P<File_System>(\/\w+){1,5})\|" | rex field=_raw "(?ms)\|(?P<Disk_Usage>\d+)" | rex field=_raw "(?ms)\s(?<Disk_Usage>\d+)%" | rex field=_raw "(?ms)\%\s(?<File_System>\/\w+)" | regex _raw!="^\d+(\.\d+){0,2}\w" | regex _raw!="/apps/tibco/datastore" | rex field=_raw "(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\s\d" | rex field=_raw "\[(?P<Time>\w+\s\w+\s\d+\s\d+\:\d+\:\d+\s\w+\s\d+)\]" | rex field=_raw "(?ms)\d\s(?<Total>\d+(\.\d+){0,2})\w\s\d" | rex field=_raw "(?ms)G\s(?<Used>\d+(\.\d+){0,2})\w\s\d" | eval Available=(Total-Used) | eval Time_Stamp=strftime(_time, "%b %d, %Y %I:%M:%S %p") 
| lookup Master_List.csv "host"
| search "Tech Stack"=*
| search Region=*
| search Environment=*
| search host=*
| search File_System=*
| search Disk_Usage=*
| eval Server=if(Disk_Usage>=80,"Affected_Servers","Total_Servers")
| search Server="$SVR$"
| table Time_Stamp,Environment,host,File_System,Total,Used,Available,Disk_Usage | sort - Disk_Usage
| rename Total as "Total in GB" Used as "Used in GB" Available as "Available in GB" Disk_Usage as "Disk_Usage in %"

Now, while configuring the drilldown, I am using the parameter and token as "SVR" and "$trellis.value$" but the drilldown value is giving no results and I can see the token is not passed.

Also please help to modify the drilled-down dashboard query such that when "Total_Servers" is clicked, it gives details of all disk usages and when "Affected_Servers" is clicked, it gives details of only the disk usages that are above 80.

Please help to make changes to the drilled-down dashboard query to get the expected drilldown from the trellis panel.

Your kind inputs are highly appreciated..!!

Thank You..!!