Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a drilldown for specific dynamic values on a table?

raju4244
Explorer
‎08-20-2015 01:00 AM

Dear Everyone,

I need some input for creating a drilldown on a table.

My Table will look like the image below

alt text

The table was created using multiple searches (used append and join commands), and the values are dynamic.

For Ex: Total Number of Computers is 200, AV is installed only on 102.

Now, my requirement is when we click 200, i should get a list of 200 hostnames. If I click on 102, I should get a list of 102 hostnames.

We created the list of hostnames on different dashboards, so we want to know how to use drilldown for this kind situation.

PS: All data comes from different sources. The searches we used to to make table don't have any relation with other.

Tags (2)
Preview file
4 KB
0 Karma
Reply

somesoni2
Revered Legend
‎08-20-2015 08:33 AM

Ideally, you would be passing down the values for the primary key (ITEM) OR just the column name clicked (AV OR TOTAL), and your next query on the drilldown dashboard, you'll set the value of primary key and have logic to show data based on clicked column. But it all depends on your queries that you use.

This link provides the drilldown tokens that are available for use on click. My guess would be that you'd use $click.value$ OR $row.ITEM$ to get the primary key and $click.name2$ to get the category of the ITEM to show.
http://docs.splunk.com/Documentation/Splunk/6.2.1/Viz/tokens#Define_tokens_for_dynamic_drilldown

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...