Splunk Search

How to create a drilldown for specific dynamic values on a table?


Dear Everyone,

I need some input for creating a drilldown on a table.

My Table will look like the image below

alt text

The table was created using multiple searches (used append and join commands), and the values are dynamic.

For Ex: Total Number of Computers is 200, AV is installed only on 102.

Now, my requirement is when we click 200, i should get a list of 200 hostnames. If I click on 102, I should get a list of 102 hostnames.

We created the list of hostnames on different dashboards, so we want to know how to use drilldown for this kind situation.

PS: All data comes from different sources. The searches we used to to make table don't have any relation with other.

Tags (2)
0 Karma


Ideally, you would be passing down the values for the primary key (ITEM) OR just the column name clicked (AV OR TOTAL), and your next query on the drilldown dashboard, you'll set the value of primary key and have logic to show data based on clicked column. But it all depends on your queries that you use.

This link provides the drilldown tokens that are available for use on click. My guess would be that you'd use $click.value$ OR $row.ITEM$ to get the primary key and $click.name2$ to get the category of the ITEM to show.

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...