Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Table Drilldown by column name

rj1408
Path Finder
‎12-10-2020 12:52 AM

Hi, 

Img-1

rj1408_0-1607589706565.png

Img-2

rj1408_1-1607589851670.png




What I want is-

In Img1, when I click on Sucess/Failure/Total_Transaction column value, I want a change with respect to Microservices transaction in img 2, so for example if I click on LostStolen Services for Failure column which has 35 as value, In the next table I want it to print all those 35 transaction ids with status.

NOTE: Here for Success & failure, I have used different flags to count.  Could not figure out to use same flag for 2 different column to count. 

Labels (2)
Labels
0 Karma
Reply

aohls
Contributor
‎12-10-2020 10:33 AM

I think you might want to look into click.values. https://docs.splunk.com/Documentation/Splunk/8.1.0/Viz/tokens

This will allow you to assign a token from the table based on it being clicked. It can then feed your other panel search. 

0 Karma
Reply

rj1408
Path Finder
‎12-10-2020 10:43 AM

@aohls  Hi, thanks for your help.

I more help, in IMG-1, if the user clicks on "Total_Transaction", how will I change the column name value which is "Total_Transaction" to "*" so that I can get a list of the Transaction irrespective of Fail/Success, tried using eval replace, but its not working. 

base query | table   ESMS_TransactionID,ESMS_Country, ESMS_ResponseTime, ESMS_MS, ESMS_StatusFailure, ESMS_StatusSuccess|  eval ESMS_StatusSuccess= replace(ESMS_StatusSuccess,"Total_Transaction","*")| search ESMS_StatusSuccess=Total_Transaction ESMS_StatusFailure=Total_Transaction
0 Karma
Reply

aohls
Contributor
‎12-10-2020 11:07 AM

Just to make sure; my assumption is that when you click img-1 you want to update img-2?   I am wondering why you would want to update the Total_Transactions to a *; I think it would be difficult for users to tell what that columns means. You might want to do an add a Summary to your table. Go to Format > Summary and it will give you a totals value at the bottom; you can use | addtotals if you want some more control over it. 

Are you looking to update img-1 based what is clicked on img-1? Just not sure why you would like to rename it.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...