Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to edit my XML to initialize tokens for a cont...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to edit my XML to initialize tokens for a contextual drilldown to point to different tables?
kshanky143
Path Finder
03-25-2015
02:23 PM
I have 3 tables. I want 2 things here:
a) Click on Source 1, in Table 1, and Table 2 should show up
b) Click on Source 2, in Table 1, and Table 3 should show up
Table 1 (main table )
Input ------- Count
Source 1 ---- 2
Source 2 ---- 3
Table 2 (gives me info about Source 1)
Name ------- ErrorMessage
test1.xml ----- Bad XML file
test2.xml ----- No Source Found
Table 3 (gives me info about Source 2)
Name ------- ErrorMessage
test3.xml ----- No profile found
test4.xml ----- No profile found
test5.xml ----- No profile found
This is the XML i have. I have created 2 tokens Table2_TOKEN, and Table3_TOKEN. When clicked on the table it always shows the Table 2. How can i modify the xml to achieve what i want ?
<panel>
<table>
<title>Table1</title>
<searchString>bla bla bla</searchString>
<earliestTime>$field1.earliest$</earliestTime>
<latestTime>$field1.latest$</latestTime>
<drilldown>
<set token="Table2_TOKEN">$click.value$</set>
<set token="Table3_TOKEN">$click.name$</set>
</drilldown>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
</panel>
<panel>
<table depends="$Table2_TOKEN$">
<title>Table2</title>
<searchString>bla bla bla</searchString>
<earliestTime>$field1.earliest$</earliestTime>
<latestTime>$field1.latest$</latestTime>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
</panel>
<panel>
<table depends="$Table3_TOKEN$">
<title>Table3</title>
<searchString>bla bla bla</searchString>
<earliestTime>$field1.earliest$</earliestTime>
<latestTime>$field1.latest$</latestTime>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
</panel>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tanefo
Path Finder
03-30-2015
03:44 AM
hi,
see this xml file, it can help you
<form>
<label>In-Page Drilldown with Perma-linking</label>
<fieldset submitButton="false">
<!--
Create an input to store the drilldown value. It will be hidden using custom javascript when
the dashboard is loaded.
-->
<input type="text" token="sourcetype" searchWhenChanged="true" />
</fieldset>
<row>
<table id="master">
<title>Master</title>
<searchString>index=_internal | stats count by sourcetype</searchString>
<earliestTime>-60m@m</earliestTime>
<latestTime>now</latestTime>
<!-- Set the type of of drilldown, since we will always consume the same field, use row-->
<option name="drilldown">row</option>
<drilldown>
<!-- Use set to specify the new token to be created.
Use any token from the page or from the click event to produce the value needed. -->
<set token="sourcetype">$row.sourcetype$</set>
<!-- If we also set the form.sourcetype the input will get updated too -->
<set token="form.sourcetype">$row.sourcetype$</set>
</drilldown>
</table>
</row>
<row>
<!-- depends is the way we tell the content to only show when the token has a value.
Hint: use comma separated values if the element requires more than one token. -->
<chart id="detail" depends="$sourcetype$">
<title>Detail: $sourcetype$</title>
<searchTemplate>index=_internal sourcetype=$sourcetype$ | timechart count</searchTemplate>
<earliestTime>-60m@m</earliestTime>
<latestTime>now</latestTime>
</chart>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kshanky143
Path Finder
03-30-2015
05:49 PM
Thanks Tanefo. I made some progress on this but still need some help. How can i take the row value pull up the chart ?
Taking the same example mentioned above ....
Table 1 (main table )
Input ------- Count
Source 1 ---- 2
Source 2 ---- 3
<table>
<title>TABLE1</title>
<searchString>bla bla bla Table Input, Count </searchString>
<earliestTime>$field1.earliest$</earliestTime>
<latestTime>$field1.latest$</latestTime>
<drilldown>
<condition field="count">
<set token="TABLE1_TOKEN">$click.name$</set> <!-- Value of TABLE1_TOKEN will be "Source1" -->
</condition>
<condition field="count">
<set token="TABLE2_TOKEN">$click.name$</set> !-- Value of TABLE1_TOKEN will be "Source2 -->
</condition>
</drilldown>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
So to pop up Table 2 can we do some thing like this ?
<table depends="$Table2_TOKEN$"> <!-- should be like <table depends if("$Table2_TOKEN$"=="Source1")> -->
<title>Table2</title>
<searchString>bla bla bla | Table Name, ErrorMesage</searchString>
<earliestTime>$field1.earliest$</earliestTime>
<latestTime>$field1.latest$</latestTime>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
<table>
Table 2 (gives me info about Source1)
Name ------- ErrorMessage
test1.xml ----- Bad XML file
test2.xml ----- No Source Found
similarly for Table 3, we should have our XML some thing like this
<table depends="$Table3_TOKEN$"> <!-- should be like <table depends if("$Table3_TOKEN$"=="Source2")> -->
<title>Table3</title>
<searchString>bla bla bla | Table Name, ErrorMesage</searchString>
<earliestTime>$field1.earliest$</earliestTime>
<latestTime>$field1.latest$</latestTime>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
<table>
Table 3 (gives me info about Source2)
Name ------- ErrorMessage
test3.xml ----- No profile found
test4.xml ----- No profile found
test5.xml ----- No profile found
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
