Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Single value drill down search query in the dashboard

P2kumari
Loves-to-Learn Lots
‎06-17-2020 12:55 PM

Hi All,

I have created a single value panel and then wanted to have a drill down search query not dashboard query.

So I was able to do it but I have an issue like if the drilldown search query contains "creationhybris>$tokearliest$ and creationhybris<&$toklatest$" then the search query is not working. It is showing blank in the uri.

Here the creation hybris is the field which contain epoch time thing and we have already converted the earliest and latest into epoch time in our xml query of the dashboard.

Please help here if someone has any idea to resolve this issue.

Labels (1)
Labels
0 Karma
Reply

dmuraleetcs
Explorer
‎06-18-2020 02:04 AM

If creationhybris is passed by value, then you should use it as token in subsequent query $creationhybris$

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎06-17-2020 03:38 PM

A few points/questions

'and' between the tests should be capitalised AND

https://docs.splunk.com/Documentation/Splunk/8.0.4/Search/Booleanexpressions

- you say 'creation hybris' is the field (2 words separated with space), but it's a single word in the test.

- your example search query is quoted in its entirety, is that what it really is or is it quoted here for example

Can you provide the <drilldown> section from the panel and the <query> section from your subsequent search.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...