Dashboards & Visualizations

Single value drill down search query in the dashboard

P2kumari
Loves-to-Learn Lots

Hi All,

I have created a single value panel and then wanted to have a drill down search query not dashboard query.

So I was able to do it but I have an issue like if the drilldown search query contains "creationhybris>$tokearliest$ and creationhybris<&$toklatest$" then the search query is not working. It is showing blank in the uri.

Here the creation hybris is the field which contain epoch time thing and we have already converted the earliest and latest into epoch time in our xml query of the dashboard.

Please help here if someone has any idea to resolve this issue.

Labels (1)
0 Karma

dmuraleetcs
Explorer

If creationhybris is passed by value, then you should use it as token in subsequent query $creationhybris$

0 Karma

bowesmana
SplunkTrust
SplunkTrust

A few points/questions

'and' between the tests should be capitalised AND

https://docs.splunk.com/Documentation/Splunk/8.0.4/Search/Booleanexpressions

- you say 'creation hybris' is the field (2 words separated with space), but it's a single word in the test.

- your example search query is quoted in its entirety, is that what it really is or is it quoted here for example

Can you provide the <drilldown> section from the panel and the <query> section from your subsequent search.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...