Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Why is the transaction command in dashboard not al...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is the transaction command in dashboard not allowing users to click on the tabled results to see raw events in a new search window?
sbattista09
Contributor
02-12-2018
05:36 AM
I have a user that can’t click on cell value in a table on a dashboard to open the search into a new search window to see raw events. Is this a bug with the transaction command?
sourcetype=prod_app* app_name=* environment=* source=*logsNstuff.log "Code1:" OR "Code2:" | transaction app_name environment host startswith=Code1 endswith=Code2:: | count table app_name environment
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
02-13-2018
12:20 AM
This is not a bug with the transaction command, it is inherent in how the command works. The transaction command creates a new event from the original events, so there is nowhere to "drill down." If you want a drill-down in the dashboard, you can write a custom drill-down; here is the documentation: http://docs.splunk.com/Documentation/Splunk/latest/Viz/DrilldownIntro
I generally recommend custom drill-downs for dashboards; they are pretty easy and provide a much cleaner interface for users.
Note that most dashboard panels have an "open in search" magnifying glass; for more sophisticated users, this is an alternative to drill-down that allows them to see the underlying search and manipulate it as desired.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sbattista09
Contributor
02-15-2018
05:23 AM
Thanks Iguinn, the person creating the dashboard is very knowledgeable but, for other users who only use Splunk for troubleshooting applications the magnifying glass option then editing a raw search may not be the best thing. We will try out creating a custom drill down.
however, Is there a different command we can use to bypass this issue?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
02-15-2018
01:09 PM
When you need to group events using the startswith= and endswith= options, it is generally very difficult to replace that with stats.
Is there another field that represents something like a "session id" that could be used to group events, instead of the startswith/endswith?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
493669
Super Champion
02-12-2018
05:59 AM
does it happening with only one user or with everyone?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sbattista09
Contributor
02-15-2018
05:18 AM
its everyone.
Get Updates on the Splunk Community!
Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...
This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...
Elevate Your Organization with Splunk’s Next Platform Evolution
Thursday, July 10, 2025 | 11AM PDT / 2PM EDT
Whether you're managing complex deployments or looking to ...
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
