Re: Single value drill down search query in the da...

P2kumari · ‎06-17-2020

Hi All,

I have created a single value panel and then wanted to have a drill down search query not dashboard query.

So I was able to do it but I have an issue like if the drilldown search query contains "creationhybris>$tokearliest$ and creationhybris<&$toklatest$" then the search query is not working. It is showing blank in the uri.

Here the creation hybris is the field which contain epoch time thing and we have already converted the earliest and latest into epoch time in our xml query of the dashboard.

Please help here if someone has any idea to resolve this issue.

dmuraleetcs · ‎06-18-2020

If creationhybris is passed by value, then you should use it as token in subsequent query $creationhybris$

bowesmana · ‎06-17-2020

A few points/questions

'and' between the tests should be capitalised AND

https://docs.splunk.com/Documentation/Splunk/8.0.4/Search/Booleanexpressions

- you say 'creation hybris' is the field (2 words separated with space), but it's a single word in the test.

- your example search query is quoted in its entirety, is that what it really is or is it quoted here for example

Can you provide the <drilldown> section from the panel and the <query> section from your subsequent search.

Single value drill down search query in the dashboard

drilldown

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!