- Community
- :
- Splunk Answers
- :
- Splunk Platform Products
- :
- Splunk Enterprise
- :
- Drilldown table - by passing a fieldvalue , that d...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Drilldown table - by passing a fieldvalue , that doesnt exist in the final output
Requirement : Onclicking the single value of the panel "DonwloadCountExceeded ( DailyLimit - 1 )" , "MoreDetails" panel have to be populated and when clicked again should be hidden.
Issue : "More Details" panel would need a field value "DownloadLimit" ( value varies per panel - daily,weekly,monthly) - doesnt exist in the final output of the actual panel "DonwloadCountExceeded ( DailyLimit - 1 )".
<form>
<fieldset submitButton="false">
<input type="time" token="time">
<label>Select TIME :</label>
<default>
<earliest>-5m@m</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="homeOffice" searchWhenChanged="true">
<label>Select HomeOffice :</label>
<choice value="*">ALL</choice>
<default>*</default>
<search>
<query>source="http:datalog" sourcetype="datalog" homeOffice ="*"| search hrId= "$hrId$" email = "$email$" firstname = "$firstname$" lastname = "$lastname$" | dedup homeOffice | stats count by homeOffice</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<fieldForLabel>homeOffice</fieldForLabel>
<fieldForValue>homeOffice</fieldForValue>
</input>
<input type="text" token="hrId" searchWhenChanged="true">
<label>HrID :</label>
<default>*</default>
</input>
<input type="text" token="email" searchWhenChanged="true">
<label>Email :</label>
<default>*</default>
</input>
<input type="text" token="firstname" searchWhenChanged="true">
<label>FirstName :</label>
<default>*</default>
</input>
<input type="text" token="lastname" searchWhenChanged="true">
<label>LasttName :</label>
<default>*</default>
</input>
</fieldset>
<row>
<panel>
<title>DonwloadCountExceeded ( DailyLimit - 1 )</title>
<single>
<search>
<query>source="http:datalog" sourcetype="datalog"
hrId= "$hrId$" email = "$email$" firstname = "$firstname$" lastname = "$lastname$" homeOffice="$homeOffice$" | eval DownloadLimit = 1
| stats count by DownloadLimit
| where count > DownloadLimit
| rename count as "DownloadCount"
| fields DownloadCount</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="drilldown">none</option>
<option name="numberPrecision">0</option>
<option name="rangeColors">["0x53a051", "0x0877a6", "0xf8be34", "0xf1813f", "0xdc4e41"]</option>
<option name="rangeValues">[0,30,70,100]</option>
<option name="refresh.display">progressbar</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="unitPosition">after</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
<drilldown>
<condition>
<set token="ShowDetails">true</set>
<set token="selected_value">$row.DownloadLimit$</set>
</condition>
</drilldown>
</single>
</panel>
</row>
<row depends="$ShowDetails$">
<panel>
<title>More Details</title>
<table>
<search>
<query>source="http:datalog" sourcetype="datalog"
hrId= "$hrId$" email = "$email$" firstname = "$firstname$" lastname = "$lastname$" homeOffice="$homeOffice$" | eval DownloadLimit = $selected_value$ | stats count by hrId email firstname lastname homeOffice
| where count > DownloadLimit
| rename count as "DownloadCount"</query>
<earliest>0</earliest>
<latest></latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<drilldown>
<unset token="ShowDetails"></unset>
</drilldown>
</table>
</panel>
</row>
</form>
Introducing Edge Processor: Next Gen Data Transformation
Take the 2021 Splunk Career Survey for $50 in Amazon Cash
Using Machine Learning for Hunting Security Threats
