Link to search in new tab

manish_singh_77
Builder

Hi Team,

Link to search in a new tab for raw events when we click on a particular value in the line chart?

Is it possible?

0 Karma

493669
Super Champion

To apply your requirement without editing XML:

Go to Edit, click on the three dots for the particular panel where you want to apply the drilldown, then use it like below:

0 Karma

493669
Super Champion

Use the drilldown below:

<option name="charting.drilldown">all</option>
<drilldown>
  <link target="_blank">/app/myapp/mwdashboard</link>
</drilldown>
0 Karma

manish_singh_77
Builder

@493669

This is not what I am looking for. I have a line chart, and when I click on a line chart value it should open a new tab which shows me the raw events.

It works fine when I select the auto option in drilldown for "link to search"; however, I want the same thing in a new tab.

0 Karma

493669
Super Champion

Try the below; here, replace the query with your query:

<option name="charting.drilldown">all</option>
<drilldown>
  <link target="_blank">search?q=index=_internal%20%7C%20stats%20count%20by%20sourcetype&amp;earliest=-15m&amp;latest=now</link>
</drilldown>

Below is a sample dashboard on sample data:

<dashboard>
  <label>826404_line chart</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_internal | stats count by sourcetype</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <!--drilldown>
      <link target="_blank">/app/search/592973_multiselect_remove_all</link>
 </drilldown-->
        <option name="charting.chart">line</option>
        <option name="charting.drilldown">all</option>
        <drilldown>
          <link target="_blank">search?q=index=_internal%20%7C%20stats%20count%20by%20sourcetype&amp;earliest=-15m&amp;latest=now</link>
        </drilldown>
      </chart>
    </panel>
  </row>
</dashboard>
0 Karma

manish_singh_77
Builder

@493669

I am not looking for this; my query is different. If I click on a line chart value, it should display only those events.

Regards,
Manish Singh

0 Karma

493669
Super Champion

At the end of the query, use an event handler like $click.value$, which will help to display the clicked event.
Refer to the Splunk docs: https://docs.splunk.com/Documentation/Splunk/8.0.4/Viz/EventHandlerReference#chart_(event_tokens)

0 Karma

manish_singh_77
Builder

@493669

I tried click.value2 and click.name2, but the value is not getting passed when it opens in the new tab. I have a line chart which has hosts and their error counts. So when I click on the line chart, it should give me the raw events of that host only.

For example:

index= abc sourcetype= access:logs|timechart count as error_count by host

Drilldown search: index= abc sourcetype= access:logs host=$click.value2$

0 Karma

493669
Super Champion

You will need to search host=$click.name2$.
I have created a sample dashboard, and here on click it will open the clicked sourcetype.
Use the below for reference:

<dashboard>
  <label>826404_line chart</label>
  <row>
    <panel>
      <chart>
        <title>$abc$</title>
        <search>
          <query>index=_internal | timechart count by sourcetype</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>

        <option name="charting.chart">line</option>
        <option name="charting.drilldown">all</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <link target="_blank">search?q=index=_internal%20sourcetype=%22$click.name2$%22%20%7C%20timechart%20count%20by%20sourcetype&amp;earliest=-15m&amp;latest=now</link>
        </drilldown>
      </chart>
    </panel>
  </row>
</dashboard>
0 Karma
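
The same drilldown applied to the host/error-count chart from the question, as an added example that is not part of the original thread. The index and sourcetype come from the question; the dashboard label and the -15m time range are assumptions.

```xml
<!-- Added example, not from the thread. index=abc and sourcetype=access:logs are the
     names used in the question; the label and the -15m range are assumptions. -->
<dashboard>
  <label>Errors by host (example)</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=abc sourcetype=access:logs | timechart count as error_count by host</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
        <option name="charting.drilldown">all</option>
        <drilldown>
          <!-- The q parameter has no transforming command, so the new tab lists raw events.
               $click.name2$ is the clicked series name, which is the host here.
               The %22 quotes keep the host value as a single search term. -->
          <link target="_blank">search?q=index=abc%20sourcetype=access:logs%20host=%22$click.name2$%22&amp;earliest=-15m&amp;latest=now</link>
        </drilldown>
      </chart>
    </panel>
  </row>
</dashboard>
```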