Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Time filter issue when executing drilldown on a timechart dashboard

aniello_cerrato
Path Finder
‎09-12-2017 10:48 AM

Hi,

I have a problem to execute a drilldown on a timechart dashboard.

This is the search for my source dashboard:

source="SDC_GUI_DEN_ER_V" | timechart span=1d count

I have to click on the date (format date 2017-06-30) and open a new dashboard filtered on this date:

I have tried in the following way but it isn't working. On source and destination dashboard there is a filter on the time:

      <link>
        <![CDATA[
        /app/search/eccezioni_giornaliere_dett?earliest=$click.value$&latest=$click.value$
        ]]>
      </link>
    </drilldown>

Please let me know.

Thanks,
Nello

0 Karma
Reply

DalJeanis
Legend
‎09-12-2017 04:14 PM

If the events you are seeking have anything other than the date in their _time field, you really are going to need to do some calculation on that date. The epoch value of a date is the first moment in that day. Add 86399, possibly plus .999, to get the last moment in that day.

0 Karma
Reply

niketn
Legend
‎09-12-2017 11:20 AM

@aniello_cerrato, if you want to pass on the earliest and latest time stamp for selected span from timechart, can you tried the following?

   <link>
     <![CDATA[
     /app/search/eccezioni_giornaliere_dett?earliest=$earliest$&latest=$latest$
     ]]>
   </link>

Or one without CDATA and & escaped as &amp;

    <drilldown>
      <link target="_blank">/app/search/eccezioni_giornaliere_dett??earliest=$earliest$&amp;latest=$latest$</link>
    </drilldown>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...