Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Minimaze and Maximize a Cell or Drilldown and short the Text in Zell

bnybln030
Engager
‎02-22-2022 06:02 AM

Hi everyone,

i have in a table the result of a scanning script. Of course, the cells are much too large. Is there a way to minimize them and maximize them if necessary?

A drill down to a new page would be also ok, but how can I shorten or change the text in the cell so that the drilldown function is still possible since I use "clickvalue".

 

Labels (1)
Labels
0 Karma
Reply

gcusello
Esteemed Legend
‎02-22-2022 06:07 AM

Hi @bnybln030,

you could use subsearch to define the max lenght of a field and using drilldopwn, you could open a new panel containing the full field.

e.g. 

| eval your_field=substr(your_field,"10")

Ciao.

Giuseppe

Reply

bnybln030
Engager
‎02-22-2022 06:19 AM

Hi Guiseppe,

thanks for your fast reply. Can u say me, what is the best way to drilldown the colum and open a new panel containing the full field?

 

Kind Regadrs

bnybln030

0 Karma
Reply

gcusello
Esteemed Legend
‎02-22-2022 07:07 AM

Hi @bnybln030.,

try to adapt this sample to your situation:

<dashboard version="1.1">
  <label>In-page Drilldown with Perma-Linking</label>
  <description>Enable in-page interaction through UI Editor or editing XML.</description>
  <row>
    <panel>
      <title>Main panel</title>
      <table id="master">
        <search>
          <query>
                 index=your_index
                 | eval visualized_field=substr(your_field,1,10)
                 | table _time host visualized_field your_field
          </query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
        </search>
        <fields>_time, host, visualized_field</fields>
        <option name="drilldown">cell</option>
        <drilldown>
          <set token="form.your_field">$row.your_field$</set>
        </drilldown>
      </table>
    </panel>
    <panel>
      <chart id="detail" depends="$your_field$">
        <title>Detail: $your_field$</title>
        <search>
          <query>
                 index=your_index your_field="$your_field$"
                 | table your_field
          </query>
          <earliest>-60m@m</earliest>
          <latest>now</latest>
        </search>
      </chart>
    </panel>
  </row>
</dashboard>

In few words:

  • in the first search you have two values: one to display in the first panel and one to pass as token,
  • with the click, you pass the full field as token to the second panel

I hint to see in the Splunk Dashboard Examples App (https://splunkbase.splunk.com/app/1603/) because you can find examples of in-page drilldown.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...