Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Passing values from multiples row to another dashboard

ashish9433
Communicator
‎01-15-2018 04:55 AM

HI Team,

I have a table which has multiple values like below. In the table there are multiple Check_Category and for each Check_Category there are multiple check_ids.

alt text

What i want to do is, when someone clicks on Any Check_Category, in the above example lets say the person click on "Initial Setup", then i need to drilldown to another page having only those Check_ID as columns

As in below screenshot i will have only those check_ID as colomn which are listed for clicked "Check_Category".

Basically if i can get the list of all the Check_ID, separated by "Space", then i can use fields command to list only those columns.

alt text

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

mayurr98
Super Champion
‎01-15-2018 10:38 AM

Is this what you are looking for?

 <drilldown target="My New Window">
       <link>
          /app/search/<dashboardname>?form.fieldname=$row.fieldname$
        </link>
  </drilldown>

http://docs.splunk.com/Documentation/Splunk/6.0.2/Viz/Dynamicdrilldownindashboardsandforms

so steps : you need to create two dashboards..so suppose your main dashboard is test3 and drilldown dashboard is test4

so test3 XML is 

<dashboard>
  <label>test3</label>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=* | table file clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <drilldown target="My New Window">
       <link>
          /app/search/test4?form.file=$row.file$
        </link>
  </drilldown>   
      </table>
    </panel>
  </row>
</dashboard>

and test4 XML is

<form>
  <label>test4</label>
  <fieldset submitButton="false">
    <input type="text" token="file" searchWhenChanged="true"></input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=*  | search file=$file$|  stats latest(referer) by clientip | transpose 0 column_name=clientip header_field=clientip | fields - clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

I hope that helps ! This is working XML's but it won't work in your as you do not have data for those queries so customize the XML and you will get the output!

let me know if it helps !

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...