Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trying to pass time range to the splunk search in drilldown table to open in a new window

nithin204
Explorer
‎02-12-2024 10:50 PM

Hi All, 

 

I am trying to pass time variables to the search when I click on a value in drilldown dashbaord. Below is the the source of the dashboard 

 

<form version="1.1">
<label>test12</label>
<fieldset submitButton="false">
<input type="time" token="field1">
<label>Time</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<title>test12</title>
<table>
<search>
<query>index=_internal status=* sourcetype=splunkd
|lookup test12 name AS status OUTPUT value | stats count by value</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">row</option>
<option name="refresh.display">progressbar</option>
<drilldown target="_blank">
<set token="drilldown_srch">index=_internal status=* sourcetype=splunkd |lookup test12.csv name as status output value | where value=$row.value$</set>
<link>search?q=$drilldown_srch|u$</link>
</drilldown>
</table>
</panel>
</row>
</form>

I tried adding the time variables in the link as below but no luck

<link>search?q=$drilldown_srch?earliest=$field1.earliest&latest=$field1.latest$|u$</link>

Thanks

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 06:48 AM

Hi @nithin204,

the way to pass a parameter to a drilldown is the one I described, please try this:

<link>search?q=$drilldown_srch|u$$&amp;earliest=$field1.earliest$&amp;latest=$field1.latest$</link>

anyway, usually a drilldown search takes the same time variables of the original.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-12-2024 11:50 PM

Hi @nithin204,

what's the error you have?

anyway the string you're using is correct (I suppose that the second $ was a mistyping), but in the dashboard editor you have to use a different notation for &, you must use &amp;:

<link>search?q=$drilldown_srch?earliest=$field1.earliest$&amp;latest=$field1.latest$|u$</link>

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

nithin204
Explorer
‎02-13-2024 06:42 AM

Hi @gcusello , 

I have to use the second $ as well after drilldown_srch as that is token. 

<link>search?q=$drilldown_srch$?earliest=$field1.earliest$&amp;latest=$field1.latest$|u$</link>

If I skip the second "$" after the drillwon_srch, and if I click the value the new search opens as $drilldown_srch in the search bar in new window. 

 

If I use the $drilldown_srch$ , the search is working correct but it is not taking the time variables. It always have a default of 15mins. 

Thanks 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 06:48 AM

Hi @nithin204,

the way to pass a parameter to a drilldown is the one I described, please try this:

<link>search?q=$drilldown_srch|u$$&amp;earliest=$field1.earliest$&amp;latest=$field1.latest$</link>

anyway, usually a drilldown search takes the same time variables of the original.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 07:11 AM

Hi @nithin204 ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...