Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Why is the transaction command in dashboard not al...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is the transaction command in dashboard not allowing users to click on the tabled results to see raw events in a new search window?
sbattista09
Contributor
02-12-2018
05:36 AM
I have a user that can’t click on cell value in a table on a dashboard to open the search into a new search window to see raw events. Is this a bug with the transaction command?
sourcetype=prod_app* app_name=* environment=* source=*logsNstuff.log "Code1:" OR "Code2:" | transaction app_name environment host startswith=Code1 endswith=Code2:: | count table app_name environment
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
02-13-2018
12:20 AM
This is not a bug with the transaction command, it is inherent in how the command works. The transaction command creates a new event from the original events, so there is nowhere to "drill down." If you want a drill-down in the dashboard, you can write a custom drill-down; here is the documentation: http://docs.splunk.com/Documentation/Splunk/latest/Viz/DrilldownIntro
I generally recommend custom drill-downs for dashboards; they are pretty easy and provide a much cleaner interface for users.
Note that most dashboard panels have an "open in search" magnifying glass; for more sophisticated users, this is an alternative to drill-down that allows them to see the underlying search and manipulate it as desired.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sbattista09
Contributor
02-15-2018
05:23 AM
Thanks Iguinn, the person creating the dashboard is very knowledgeable but, for other users who only use Splunk for troubleshooting applications the magnifying glass option then editing a raw search may not be the best thing. We will try out creating a custom drill down.
however, Is there a different command we can use to bypass this issue?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
02-15-2018
01:09 PM
When you need to group events using the startswith= and endswith= options, it is generally very difficult to replace that with stats.
Is there another field that represents something like a "session id" that could be used to group events, instead of the startswith/endswith?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
493669
Super Champion
02-12-2018
05:59 AM
does it happening with only one user or with everyone?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sbattista09
Contributor
02-15-2018
05:18 AM
its everyone.
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
