Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Drill down from pie chart in dashboard studio

NanSplk01
Communicator
3 weeks ago

I am new to dashboarding drop downs and I'd like to create a drop down for each slice of the pie.  I have created a search as a pie chart and tried to add a drop down that will search for only the slice I have selected.  So far it's not going anywhere.  This is what I have: 

"title""Demo DCP Levels",
    "description""",
    "inputs": {
        "input_global_trp": {
            "options": {
                "defaultValue""-24h@h,now",
                "token""global_time"
            },
            "title""Global Time Range",
            "type""input.timerange"
        }
    },
    "defaults": {
        "dataSources": {
            "ds.search": {
                "options": {
                    "queryParameters": {
                        "earliest""$global_time.earliest$",
                        "latest""$global_time.latest$"
                    }
                }
            }
        },
        "tokens": {
            "default": {
                "DCP-ERROR": {
                    "value""ERROR"
                },
                "ERROR": {
                    "value""ERROR"
                }
            }
        },
        "visualizations": {
            "global": {
                "showProgressBar"true
            }
        }
    },
    "visualizations": {
        "viz_4Ur0ZwMO": {
            "containerOptions": {},
            "dataSources": {
                "primary""ds_iY2W7D6g"
            },
            "eventHandlers": [
                {
                    "options": {
                        "tokens": [
                            {
                                "key""row.ERROR.value",
                                "token""ERROR"
                            }
                        ]
                    },
                    "type""drilldown.setToken"
                },
                {
                    "options": {
                        "tokens": [
                            {
                                "token""DCP-ERROR",
                                "value""ERROR"
                            }
                        ]
                    },
                    "type""drilldown.setToken"
                }
            ],
            "showLastUpdated"false,
            "showProgressBar"true,
            "title""DCP Levels",
            "type""splunk.pie"
        }
    },
    "dataSources": {
        "ds_iY2W7D6g": {
            "name""Pie chart search",
            "options": {
                "query""index=\"dcp-np\" level!=INFO \n|  dedup level\n| stats count by level",
                "queryParameters": {
                    "earliest""-15m",
                    "latest""now",
                    "sampleRatio""1"
                }
            },
            "type""ds.search"
        }
    },
    "layout": {
        "globalInputs": [
            "input_global_trp"
        ],
        "layoutDefinitions": {
            "layout_1": {
                "options": {
                    "gutterSize"10,
                    "height"960,
                    "width"1440
                },
                "structure": [
                    {
                        "item""viz_4Ur0ZwMO",
                        "position": {
                            "h"250,
                            "w"1440,
                            "x"0,
                            "y"0
                        },
                        "type""block"
                    }
                ],
                "type""grid"
            }
        },
        "options": {},
        "tabs": {
            "items": [
                {
                    "label""New tab",
                    "layoutId""layout_1"
                }
            ]
        }
    },
    "applicationProperties": {
        "hideEdit"false,
        "hideExport"false
    }
}
 
How can I select a piece of the pie to drop down to another search?
Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

livehybrid
SplunkTrust
SplunkTrust
3 weeks ago

Hi @NanSplk01 

Instead of setting a token on click you can link to search, you can either do this in the UI and then specify your value using $row.<fieldName>.value$ (such as $row.ERROR.value$) or you can edit the JSON with something like this:

"eventHandlers": [
        {
            "type": "drilldown.linkToSearch",
            "options": {
                "query": "index=_internal sourcetype=$row.sourcetype.value$ | stats count by sourcetype",
                "earliest": "auto",
                "latest": "auto",
                "type": "custom",
                "newTab": false
            }
        }
    ],

In my example Im clicking on a piechart which has a "stats count by sourcetype" hence I am using $row.sourcetype.value$ in my drilldown search, does that make sense?

livehybrid_0-1764174987621.png

 

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

View solution in original post

Reply
Solved! Jump to solution

NanSplk01
Communicator
2 weeks ago

This worked perfectly.

0 Karma
Reply
Solved! Jump to solution
Solution

livehybrid
SplunkTrust
SplunkTrust
3 weeks ago

Hi @NanSplk01 

Instead of setting a token on click you can link to search, you can either do this in the UI and then specify your value using $row.<fieldName>.value$ (such as $row.ERROR.value$) or you can edit the JSON with something like this:

"eventHandlers": [
        {
            "type": "drilldown.linkToSearch",
            "options": {
                "query": "index=_internal sourcetype=$row.sourcetype.value$ | stats count by sourcetype",
                "earliest": "auto",
                "latest": "auto",
                "type": "custom",
                "newTab": false
            }
        }
    ],

In my example Im clicking on a piechart which has a "stats count by sourcetype" hence I am using $row.sourcetype.value$ in my drilldown search, does that make sense?

livehybrid_0-1764174987621.png

 

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...