Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Passing values from multiples row to another dashboard

ashish9433
Communicator
‎01-15-2018 04:55 AM

HI Team,

I have a table which has multiple values like below. In the table there are multiple Check_Category and for each Check_Category there are multiple check_ids.

alt text

What i want to do is, when someone clicks on Any Check_Category, in the above example lets say the person click on "Initial Setup", then i need to drilldown to another page having only those Check_ID as columns

As in below screenshot i will have only those check_ID as colomn which are listed for clicked "Check_Category".

Basically if i can get the list of all the Check_ID, separated by "Space", then i can use fields command to list only those columns.

alt text

0 Karma
Reply

mayurr98
Super Champion
‎01-15-2018 10:38 AM

Is this what you are looking for?

 <drilldown target="My New Window">
       <link>
          /app/search/<dashboardname>?form.fieldname=$row.fieldname$
        </link>
  </drilldown>

http://docs.splunk.com/Documentation/Splunk/6.0.2/Viz/Dynamicdrilldownindashboardsandforms

so steps : you need to create two dashboards..so suppose your main dashboard is test3 and drilldown dashboard is test4

so test3 XML is 

<dashboard>
  <label>test3</label>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=* | table file clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <drilldown target="My New Window">
       <link>
          /app/search/test4?form.file=$row.file$
        </link>
  </drilldown>   
      </table>
    </panel>
  </row>
</dashboard>

and test4 XML is

<form>
  <label>test4</label>
  <fieldset submitButton="false">
    <input type="text" token="file" searchWhenChanged="true"></input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=*  | search file=$file$|  stats latest(referer) by clientip | transpose 0 column_name=clientip header_field=clientip | fields - clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

I hope that helps ! This is working XML's but it won't work in your as you do not have data for those queries so customize the XML and you will get the output!

let me know if it helps !

0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Top