Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

creating a drilldown using the span from the from the source dashboard

jvmerilla
Path Finder
‎12-20-2017 01:47 AM

Hi,

I have a chart with this query:

index="sample_data" sourcetype="analytics_sampledata.csv" Status="*" "Ticket Type"="*" Priority="*"
| fields *
| rename "Reported_Assigned Date" as Reported_Assigned_Date
| eval _time = strptime(Reported_Assigned_Date, "%m/%d/%Y") | rename "Application Name" as Application
| timechart span=1mon count by Application

This is the visualization:
alt text

The span here is dynamic. It is being set by a "drop-down input"

What I want to happen is that to pass this span to the drilldown so that I the result I will get in the drilldown is only the data within that time span.

How will I do this?

Preview file
16 KB
0 Karma
Reply

mayurr98
Super Champion
‎12-20-2017 04:43 AM

hey @jvmerilla

Use this ready-made XML create a dashboard and simply put this XML: which has span and time picker as the input filter.
edit the dashboard add some more span according to your need.

<form>
  <label>test</label>
  <fieldset submitButton="true" autoRun="false">
    <input type="time" token="field1" searchWhenChanged="true">
      <label>Timepicker</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="span">
      <label>span</label>
      <choice value="5m">5 minutes</choice>
      <choice value="15m">15 minutes</choice>
      <choice value="30m">30 minutes</choice>
      <choice value="1mon">1 month</choice>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <query>index="sample_data" sourcetype="analytics_sampledata.csv" Status="*" "Ticket Type"="*" Priority="*" | fields * | rename "Reported_Assigned Date" as Reported_Assigned_Date | eval _time = strptime(Reported_Assigned_Date, "%m/%d/%Y") | rename "Application Name" as Application | timechart span=$span$ count by Application</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="charting.chart">column</option>
        <option name="charting.drilldown">all</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <link>
            <![CDATA[
         /app/search/test2?form.test2token=$field2$
         ]]>
          </link>
        </drilldown>
      </chart>
    </panel>
  </row>
</form>

Let me know if it helps you!

0 Karma
Reply

nikita_p
Contributor
‎12-20-2017 03:00 AM

Hi @jvmerilla,
Please check expected answer in the below link if it works for you.
https://answers.splunk.com/answers/230345/how-can-i-drill-down-from-one-panel-pie-chart-to-a.html

0 Karma
Reply

harsmarvania57
Ultra Champion
‎12-20-2017 02:27 AM

Hi @jvmerilla,

I have created sample dashboard, please find below XML in which I am supplying span value from drop-down and after that while clicking on any column it is passing span value (which I am passing from dropdown as field2 token) to another dashboard using drilldown.

<form>
  <label>test</label>
  <fieldset submitButton="true" autoRun="false">
    <input type="multiselect" token="field1" searchWhenChanged="false">
      <label>field1</label>
      <choice value="sourcetype">Sourcetype</choice>
      <search>
        <query/>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <delimiter> </delimiter>
    </input>
    <input type="dropdown" token="field2">
      <label>field2</label>
      <choice value="5m">5 min</choice>
      <choice value="15m">15 min</choice>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_internal | timechart span=$field2$ count by $field1$ </query>
          <earliest>-120m</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">column</option>
        <option name="charting.drilldown">all</option>
        <drilldown>
          <link>
            <![CDATA[
        /app/search/test2?form.test2token=$field2$
        ]]>
          </link>
        </drilldown>
      </chart>
    </panel>
  </row>
</form>

I hope this helps.

Thanks,
Harshil

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...