Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Reset map drilldown

rvisj
New Member
‎06-05-2017 05:00 AM

I have created map in dashboard. Initially a Bar chart appears having data of all states. Drill down on map is applied, as a result, bar chart shows particular state data. But how can I go back to data of 'All states' in bar chart after done with particular state data.

alt text

Tags (3)
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nilaksh92
Path Finder
‎06-07-2017 01:15 AM

Hi,

You have two panels, right? Below is sample code for the 3 panel drilldown, you can use this as your reference.

 <dashboard>
   <label>DrillDown</label>
   <init>
     <set token="showPanel1"> </set>
     <unset token="showPanel2"></unset>
     <unset token="showPanel3"></unset>
   </init>
   <search id="mainsearch">
     <query>index="*" | stats count by index source sourcetype | rename index as "Column 1",source as "Column 2",sourcetype as "Column 3" </query>
     <earliest>-15m</earliest>
     <latest>now</latest>
     <sampleRatio>1</sampleRatio>
   </search>
   <row>
     <panel depends="$showPanel1$">
       <title>Panel 1</title>
       <table>
         <search base="mainsearch">
           <query>table "Column 1"</query>
         </search>
         <option name="count">20</option>
         <option name="dataOverlayMode">none</option>
         <option name="drilldown">cell</option>
         <option name="percentagesRow">false</option>
         <option name="rowNumbers">false</option>
         <option name="totalsRow">false</option>
         <option name="wrap">true</option>
          <drilldown>
           <condition field="Column 1">
             <unset token="showPanel1"> </unset>
             <set token="showPanel2"> </set>
             <unset token="showPanel3"> </unset>
           </condition>
         </drilldown>
       </table>
     </panel>
   </row>
   <row>
     <panel depends="$showPanel2$">
       <title>Panel 2</title>
       <table>
         <search base="mainsearch">
           <query>table "Column 1" "Column 2"</query>
         </search>
         <option name="count">20</option>
         <option name="dataOverlayMode">none</option>
         <option name="drilldown">cell</option>
         <option name="percentagesRow">false</option>
         <option name="rowNumbers">false</option>
         <option name="totalsRow">false</option>
         <option name="wrap">true</option>
         <drilldown>
            <condition field="Column 1">
             <set token="showPanel1"> </set>
             <unset token="showPanel2"></unset>
             <unset token="showPanel3"></unset>
           </condition>
           <condition field="Column 2">
             <unset token="showPanel1"></unset>
             <unset token="showPanel2"></unset>
             <set token="showPanel3"> </set>
           </condition>
           <condition field="*">
           </condition>
         </drilldown>
       </table>
     </panel>
   </row>
   <row>
     <panel depends="$showPanel3$">
       <title>Panel 3</title>
       <table>
         <search base="mainsearch">
           <query>table "Column 1" "Column 2" "Column 3"</query>
         </search>
         <option name="count">20</option>
         <option name="dataOverlayMode">none</option>
         <option name="drilldown">cell</option>
         <option name="percentagesRow">false</option>
         <option name="rowNumbers">false</option>
         <option name="totalsRow">false</option>
         <option name="wrap">true</option>
         <drilldown>
           <condition field="Column 3">
             <unset token="showPanel1"></unset>
             <set token="showPanel2"> </set>
             <unset token="showPanel3"></unset>
           </condition>
           <condition field="*">
           </condition>
         </drilldown>
       </table>
     </panel>
   </row>
 </dashboard>

Thanks
Nikks

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nilaksh92
Path Finder
‎06-07-2017 01:15 AM

Hi,

You have two panels, right? Below is sample code for the 3 panel drilldown, you can use this as your reference.

 <dashboard>
   <label>DrillDown</label>
   <init>
     <set token="showPanel1"> </set>
     <unset token="showPanel2"></unset>
     <unset token="showPanel3"></unset>
   </init>
   <search id="mainsearch">
     <query>index="*" | stats count by index source sourcetype | rename index as "Column 1",source as "Column 2",sourcetype as "Column 3" </query>
     <earliest>-15m</earliest>
     <latest>now</latest>
     <sampleRatio>1</sampleRatio>
   </search>
   <row>
     <panel depends="$showPanel1$">
       <title>Panel 1</title>
       <table>
         <search base="mainsearch">
           <query>table "Column 1"</query>
         </search>
         <option name="count">20</option>
         <option name="dataOverlayMode">none</option>
         <option name="drilldown">cell</option>
         <option name="percentagesRow">false</option>
         <option name="rowNumbers">false</option>
         <option name="totalsRow">false</option>
         <option name="wrap">true</option>
          <drilldown>
           <condition field="Column 1">
             <unset token="showPanel1"> </unset>
             <set token="showPanel2"> </set>
             <unset token="showPanel3"> </unset>
           </condition>
         </drilldown>
       </table>
     </panel>
   </row>
   <row>
     <panel depends="$showPanel2$">
       <title>Panel 2</title>
       <table>
         <search base="mainsearch">
           <query>table "Column 1" "Column 2"</query>
         </search>
         <option name="count">20</option>
         <option name="dataOverlayMode">none</option>
         <option name="drilldown">cell</option>
         <option name="percentagesRow">false</option>
         <option name="rowNumbers">false</option>
         <option name="totalsRow">false</option>
         <option name="wrap">true</option>
         <drilldown>
            <condition field="Column 1">
             <set token="showPanel1"> </set>
             <unset token="showPanel2"></unset>
             <unset token="showPanel3"></unset>
           </condition>
           <condition field="Column 2">
             <unset token="showPanel1"></unset>
             <unset token="showPanel2"></unset>
             <set token="showPanel3"> </set>
           </condition>
           <condition field="*">
           </condition>
         </drilldown>
       </table>
     </panel>
   </row>
   <row>
     <panel depends="$showPanel3$">
       <title>Panel 3</title>
       <table>
         <search base="mainsearch">
           <query>table "Column 1" "Column 2" "Column 3"</query>
         </search>
         <option name="count">20</option>
         <option name="dataOverlayMode">none</option>
         <option name="drilldown">cell</option>
         <option name="percentagesRow">false</option>
         <option name="rowNumbers">false</option>
         <option name="totalsRow">false</option>
         <option name="wrap">true</option>
         <drilldown>
           <condition field="Column 3">
             <unset token="showPanel1"></unset>
             <set token="showPanel2"> </set>
             <unset token="showPanel3"></unset>
           </condition>
           <condition field="*">
           </condition>
         </drilldown>
       </table>
     </panel>
   </row>
 </dashboard>

Thanks
Nikks

0 Karma
Reply
Solved! Jump to solution

rvisj
New Member
‎06-08-2017 10:35 PM

thanks @nilaksh, It gives a hint

0 Karma
Reply
Solved! Jump to solution

nilaksh92
Path Finder
‎06-12-2017 01:02 AM

Hi

If it helped you,please accept the answer and give some award points 🙂

Thanks
Nikks

0 Karma
Reply
Solved! Jump to solution

nilaksh92
Path Finder
‎06-05-2017 05:55 AM

Hi

You can try below command under drill down tag

<unset token="abc"></unset>

Thanks
Nikks

0 Karma
Reply
Solved! Jump to solution

rvisj
New Member
‎06-06-2017 11:03 PM

HI Nikks,

<set token="State">$click.value$</set>

this is what I added under drill down , to get values of clicked state. I don't think unsetting token there, would make any sense.

0 Karma
Reply
Solved! Jump to solution

cmerriman
Super Champion
‎06-05-2017 05:25 AM

try adding something like this to the dashboard. you'll need to fill in the token you've created for the drilldown (i've just put in STATETOKEN:

  <row>
    <panel>
      <html>
        <button class="btn" data-unset-token="STATETOKEN">Reset Drilldown</button>
      </html>
    </panel>
  </row>

this little html bit can be nestled into the panel with the bar chart or map if you want, or you can keep it as a separate panel. you can also use a depends statement to have it only show when the drilldown has been applied.

Reply
Solved! Jump to solution

rvisj
New Member
‎06-06-2017 11:18 PM

I think we need little bit of JavaScript to make it work. Even after that if I unset token also, the bar chart will show 'waiting for input'. As my chart query is:

/source/ |where state="$State$"|chart count by Product

0 Karma
Reply
Solved! Jump to solution

cmerriman
Super Champion
‎06-07-2017 04:41 AM

here is a sample of how i have it working in one of my own dashboards, no JS required. This syntax replaced the "My Title" panel with the "My New Title" panel when you click on something to drilldown. After clicking "Reset Drilldown", the original table/panel is restored. :

...
<row>
    <panel depends="$input1$" rejects="$newtoken$">
      <title>My Title</title>
      <table>
        <search>
          <query>........</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="count">100</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="rowNumbers">false</option>
        <option name="wrap">true</option>
        </format>
        <drilldown>
          <set token="newtoken">$click.value2$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <html depends="$newtoken$">
         <button class="btn" data-unset-token="newtoken">Reset Drilldown</button>
     </html>
      <table depends="$newtoken$">
        <title>New Table Title</title>
        <search>
          <query>.......</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
...
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...