Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Passing values from multiples row to another dashboard

ashish9433
Communicator
‎01-15-2018 04:55 AM

HI Team,

I have a table which has multiple values like below. In the table there are multiple Check_Category and for each Check_Category there are multiple check_ids.

alt text

What i want to do is, when someone clicks on Any Check_Category, in the above example lets say the person click on "Initial Setup", then i need to drilldown to another page having only those Check_ID as columns

As in below screenshot i will have only those check_ID as colomn which are listed for clicked "Check_Category".

Basically if i can get the list of all the Check_ID, separated by "Space", then i can use fields command to list only those columns.

alt text

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

mayurr98
Super Champion
‎01-15-2018 10:38 AM

Is this what you are looking for?

 <drilldown target="My New Window">
       <link>
          /app/search/<dashboardname>?form.fieldname=$row.fieldname$
        </link>
  </drilldown>

http://docs.splunk.com/Documentation/Splunk/6.0.2/Viz/Dynamicdrilldownindashboardsandforms

so steps : you need to create two dashboards..so suppose your main dashboard is test3 and drilldown dashboard is test4

so test3 XML is 

<dashboard>
  <label>test3</label>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=* | table file clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <drilldown target="My New Window">
       <link>
          /app/search/test4?form.file=$row.file$
        </link>
  </drilldown>   
      </table>
    </panel>
  </row>
</dashboard>

and test4 XML is

<form>
  <label>test4</label>
  <fieldset submitButton="false">
    <input type="text" token="file" searchWhenChanged="true"></input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=test clientip=*  | search file=$file$|  stats latest(referer) by clientip | transpose 0 column_name=clientip header_field=clientip | fields - clientip</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

I hope that helps ! This is working XML's but it won't work in your as you do not have data for those queries so customize the XML and you will get the output!

let me know if it helps !

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...