Hello guys,
I implemented a Pan and Zoom functionality this way: I have a line graph that shows some data and a table below that shows raw events within selected time range. It works as expected, but I would like to modify it a bit. It should work just like this:
pan and zoom problem - Splunk Community
Unfortunately nobody answered, maybe because of rude formulation. So, to make it clearer, instead of zooming this way:
I am looking for a way to zoom like in normal graph (change x axis, not show two markers) so I can see more detailed data.
Any ideas how to achieve that?
Thank you!
PavelNed,
Thanks for taking the time to respond. Here is a screen shot of my pan/zoom:
Here is my XML (the actual query is URL encoded):
<option name="charting.drilldown">all</option>
<selection>
<set token="selection.earliest">$start$</set>
<set token="selection.latest">$end$</set>
</selection>
<drilldown><link target="_blank">search?q=
| inputlookup my_table.csv
| eval update_time = strptime(day, "%Y-%m-%d")
| where update_time >= $selection.earliest$ AND update_time <= $selection.latest$
</query></link></drilldown></chart></panel>
HOWEVER, when I click on the 'Sept. 24, 2020' data point, the drilldown time value range ends up being the entire range of the chart (Jan. 2020 - Dec. 2020), not the range represented by the zoom frame (Sept. 2020 - Oct. 2020) :
| inputlookup my_table.csv
| eval update_time = strptime(day, "%Y-%m-%d")
| where update_time >= 1579132800 AND update_time <= 1607558400
Is there some other <option> setting I need? According to the documentation, this should be straight forward, yet, I 'must' be doing something wrong.
Again, thanks for helping!
