Splunk Enterprise

Hide search query in drilldown

praphulla1
Path Finder

Hello,

when user clicks on panel for drill-down, it shows relevant record in new window. I am looking to hide the search query to end- user ?

I could see some params in drill-down url

  • display.page.search.mode=verbose
  • dispatch.sample_ratio=1
  • display.general.type=statistics

But nothing related to hiding search query. Is this feasible by passing any additional parameter to the drill-down.

here's sample dashboard to explain in more detail.

<dashboard>
  <label>test</label>
  <description>Test dashboard</description>
  <row>
    <panel>
      <chart>
        <title>Stats in pie chart</title>
        <search>
          <query>index=_internal sourcetype=splunkd log_level=ERROR 
| stats count by host</query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.drilldown">all</option>
        <option name="refresh.display">progressbar</option>
      </chart>
    </panel>
  </row>
</dashboard>


when you click on on slice of the pie chart. it opens a new tab where search query visible to user which i would like to hide it to end user.


Labels (1)
Tags (1)
0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@praphulla1 

If you want to hide search or make it un-clickable then tried this in XML?

 

 

<drilldown>
          <condition>
          </condition>
        </drilldown>

 

You can share your sample code so we can help.

 

KV

0 Karma

praphulla1
Path Finder

@kamlesh_vaghela i have more details to the question with sample dashboard  code as well.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

You can use standard query strings on the url e.g. ?display.page.search.mode=verbose&dispatch.sample_ratio=1

Is that what you are after?

0 Karma

praphulla1
Path Finder

@ITWhisperer i am looking for a param to hide the query to end-user.

i updated my question to be more clear.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What url are you drilling down to?

0 Karma

praphulla1
Path Finder

I am using auto drill-down.

<splunk instance>/search?q=search%20index%3D_internal%20sourcetype%3Dsplunkd%20log_level%3DERROR%20%20%20host%3Dabcd&earliest=1626277980&latest=1626281619&sid=1626281625.6156433_11E2866B-AB2E-4342-8D51-4948AA7A5661&display.page.search.mode=fast&dispatch.sample_ratio=1
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

So you are drilling down to a search and you want to hide the fact that you are drilling down to a search?

Can you drilldown to another dashboard that has the results of the search (rather than the search app itself)?

0 Karma

praphulla1
Path Finder

@ITWhisperer Yes. i have few dashboards which are using really long queries and on drill-down the query almost takes half of the screen.

i wanted to re-use the auto drill-down feature without need to build another drill-down dashboard.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...