Dashboards & Visualizations

Splunk dynamic dashboard capability question?


Imagine 🙂 I have application A, B and C
and inside those applications I have
A_errType1... A_errType5, B_errType1, B_errType2, C.errType1 .. C.errType3 etc..

I am reading all applications from the same type of log file(s). So my question is,

Are there any chance to have a summarizing dashboard (lets call it TimeChart tool) for all data such as "Count of errors on each app" and link this dashboard to sub-dashboards to have detailed information on each application type. lets say we have 10,20,30 of application errors on A,B and C. I choose application C and it returns me another board that shows totals of "errType"s of the same application like errType1 5, errType2 15, errType3 3

0 Karma

Splunk Employee
Splunk Employee

This sounds doable in Simple XML.

My understanding here is that you would like the drilldown to link to different dashboards based on the application clicked on, correct? To do this, you will need to,

  • (a) eval a new field in your events that adds the drilldown view name based on the application,
  • (b) include that field in your resulting table,
  • (c) use the "fields" option in your table to effectively hide that field from view but still making it accessible as click information to your drilldown,
  • (d) construct you drilldown link using the hidden field, like $row.viewname$.



I tested this, and in Splunk 5 doesn´t works if you hide the field with the "fields - fieldname" command. Althougt it works fine without hidding the field...

Does you solution works in Splunk 6?


0 Karma


In my research, It seems more feasible to use table chart drilldown which could be found:


I still don't have the exact answer, so if you have more ideas, please share it here.

0 Karma


That sounds quite doable with either SplunkJS/Webframework or AdvancedXML/SideviewUtils... not sure how doable it'd be with SimpleXML.

How that'd look depends on what you specifically need, but in general the idea would be to have a summarizing dashboard with charts or tables and custom drilldown underneath. Those drilldowns would look at what application your error type came from and apply that as a filter to the next dashboard.

Get Updates on the Splunk Community!

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...

Index This | Why do they call it hyper text?

November 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

For the past three years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...