Dashboards & Visualizations

manage token when legend clicked, link to search when chart column clicked

dorHerbesman
Path Finder

I'm trying to do a condition based action on my chart.

I want to create a situation where when a legend is clicked the form.tail will change to take click.name2 (which is a number like 120 144 931 etc..)

and when inside the chart a column is clicked a costume search will be opened (in a new window if possible if not same window will be just fine). based of checking if click.name is a number (and it's should be as it should be the name of the source /mnt/support_engineering... )

 

this is my current chart:

<chart>
<title>amount of warning per file per Tail</title>
<search base="basesearch">
<query>|search
| search "WARNNING: "
| rex field=_raw "WARNNING: (?&lt;warnning&gt;(?s:.*?))(?=\n\d{5}|$)"
| search warnning IN $warning_type$
| search $project$
| search $platform$
| chart count over source by Tail</query>
</search>
<option name="charting.chart">column</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<eval token="form.Tail">if($click.name2$=$form.Tail$, "*", $click.name2$)</eval>
</drilldown>
</chart>



The main problem is that whenever i even try condition inside the drilldown a new search is opened instead managing tokens no matter what the condition or what im doing inside.

This is what I've tried so far:

        <drilldown>
  <!-- Handle clicks on Tail (Legend) -->
  <condition match="tonumber($click.name$) != $click.name$">
    <eval token="form.Tail">
      if($click.name2$ == $form.Tail$, "*", $click.name2$)
    </eval>
  </condition>

  <!-- Handle clicks on Source (Chart) -->
  <condition match="tonumber($click.name$) == $click.name$">
    <link>
      <param name="target">_blank</param>
      <param name="search">
        index=elbit_support_engineering 
        | search "WARNNING: "
      </param>
    </link>
  </condition>
</drilldown>


click.name should be the name of the source as those are the columns of my chart

 

thanks in advanced to helpers

Labels (4)
0 Karma
1 Solution

dorHerbesman
Path Finder

my condition was wrong, here is what i went with in the end:

        <drilldown>
        <!-- Handle clicks on Tail (Legend) -->
          <condition match="$click.name2$>0 AND NOT $click.value2$>0">
            <eval token="form.Tail">if($click.name2$ == $form.Tail$, "*", $click.name2$)</eval>
          </condition>
        <!-- Handle clicks on Source (Chart) -->
         <condition match="$click.value2$>0">
            <link>
              <param name="target">_blank</param>
              <param name="search">index=elbit_support_engineering 
                | search "WARNNING: "</param>
            </link>
          </condition>
        </drilldown>

View solution in original post

dorHerbesman
Path Finder

my condition was wrong, here is what i went with in the end:

        <drilldown>
        <!-- Handle clicks on Tail (Legend) -->
          <condition match="$click.name2$>0 AND NOT $click.value2$>0">
            <eval token="form.Tail">if($click.name2$ == $form.Tail$, "*", $click.name2$)</eval>
          </condition>
        <!-- Handle clicks on Source (Chart) -->
         <condition match="$click.value2$>0">
            <link>
              <param name="target">_blank</param>
              <param name="search">index=elbit_support_engineering 
                | search "WARNNING: "</param>
            </link>
          </condition>
        </drilldown>
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques

Hello! We are excited to kick off a new series of blogs from SplunkTrust member ITWhisperer, who demonstrates ...

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...