Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Table Drilldown by column name

rj1408
Path Finder
‎12-10-2020 12:52 AM

Hi, 

Img-1

rj1408_0-1607589706565.png

Img-2

rj1408_1-1607589851670.png




What I want is-

In Img1, when I click on Sucess/Failure/Total_Transaction column value, I want a change with respect to Microservices transaction in img 2, so for example if I click on LostStolen Services for Failure column which has 35 as value, In the next table I want it to print all those 35 transaction ids with status.

NOTE: Here for Success & failure, I have used different flags to count.  Could not figure out to use same flag for 2 different column to count. 

Labels (2)
Labels
0 Karma
Reply

aohls
Contributor
‎12-10-2020 10:33 AM

I think you might want to look into click.values. https://docs.splunk.com/Documentation/Splunk/8.1.0/Viz/tokens

This will allow you to assign a token from the table based on it being clicked. It can then feed your other panel search. 

0 Karma
Reply

rj1408
Path Finder
‎12-10-2020 10:43 AM

@aohls  Hi, thanks for your help.

I more help, in IMG-1, if the user clicks on "Total_Transaction", how will I change the column name value which is "Total_Transaction" to "*" so that I can get a list of the Transaction irrespective of Fail/Success, tried using eval replace, but its not working. 

base query | table   ESMS_TransactionID,ESMS_Country, ESMS_ResponseTime, ESMS_MS, ESMS_StatusFailure, ESMS_StatusSuccess|  eval ESMS_StatusSuccess= replace(ESMS_StatusSuccess,"Total_Transaction","*")| search ESMS_StatusSuccess=Total_Transaction ESMS_StatusFailure=Total_Transaction
0 Karma
Reply

aohls
Contributor
‎12-10-2020 11:07 AM

Just to make sure; my assumption is that when you click img-1 you want to update img-2?   I am wondering why you would want to update the Total_Transactions to a *; I think it would be difficult for users to tell what that columns means. You might want to do an add a Summary to your table. Go to Format > Summary and it will give you a totals value at the bottom; you can use | addtotals if you want some more control over it. 

Are you looking to update img-1 based what is clicked on img-1? Just not sure why you would like to rename it.

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...