Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Passing values from multiples row to another dashboard

ashish9433
Communicator
‎01-15-2018 04:55 AM

HI Team,

I have a table which has multiple values like below. In the table there are multiple Check_Category and for each Check_Category there are multiple check_ids.

alt text

What i want to do is, when someone clicks on Any Check_Category, in the above example lets say the person click on "Initial Setup", then i need to drilldown to another page having only those Check_ID as columns

As in below screenshot i will have only those check_ID as colomn which are listed for clicked "Check_Category".

Basically if i can get the list of all the Check_ID, separated by "Space", then i can use fields command to list only those columns.

alt text

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

mayurr98
Super Champion
‎01-15-2018 10:38 AM

Is this what you are looking for?

 <drilldown target="My New Window">
       <link>
          /app/search/<dashboardname>?form.fieldname=$row.fieldname$
        </link>
  </drilldown>

http://docs.splunk.com/Documentation/Splunk/6.0.2/Viz/Dynamicdrilldownindashboardsandforms

so steps : you need to create two dashboards..so suppose your main dashboard is test3 and drilldown dashboard is test4

so test3 XML is 

<dashboard>
  <label>test3</label>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=* | table file clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <drilldown target="My New Window">
       <link>
          /app/search/test4?form.file=$row.file$
        </link>
  </drilldown>   
      </table>
    </panel>
  </row>
</dashboard>

and test4 XML is

<form>
  <label>test4</label>
  <fieldset submitButton="false">
    <input type="text" token="file" searchWhenChanged="true"></input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=*  | search file=$file$|  stats latest(referer) by clientip | transpose 0 column_name=clientip header_field=clientip | fields - clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

I hope that helps ! This is working XML's but it won't work in your as you do not have data for those queries so customize the XML and you will get the output!

let me know if it helps !

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...