Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk dashboard clickable table output

vadlamudi
Explorer
‎10-13-2021 11:47 AM

Hi There,

 

I have two queries [Query 1  and Query 2].  what i am planning to achieve is that when user clicks on the server_ID for tabular output of Query 1, then it should be passed as INPUT to the WHERE clause in Query 2  . Any help would be appreciated.

 

 

Query 1:

index=<<index_name>>   sourcetype=webserver | dedup server_ID | table  server_ID

 

Query 1 Output:

server_ID

49552473-567
d5eedf55-dca
5d4bb774-74a
03f03042-1f7

 

Query 2:

 

index=<< index_name>>   "Exception" | where  server_ID= "server_ID from Query1 table"

 

 

Thank You

Labels (7)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-13-2021 12:01 PM

There's a pretty good example of that in the Dashboards and Visualizations manual at https://docs.splunk.com/Documentation/Splunk/8.2.2/Viz/ContextualDrilldown#Manage_and_respond_to_tok...

The concept is the first query has a <drilldown> element that sets a token value to the clicked cell.  The second query references that token.  The second query won't run until the token is assigned a value (when the user clicks on the table).

<query>index=<<index_name>>   sourcetype=webserver | dedup server_ID | table  server_ID</query>
<drilldown>
  <set token="server_ID">$row.server_ID$</set>
</drilldown>
index=<< index_name>>   "Exception" | where  server_ID= $server_ID$

 

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

vadlamudi
Explorer
‎10-13-2021 12:18 PM

HI @richgalloway   I am facing with below error when i tried the above solution that you provided.

 

ERROR: Node drilldown is not allowed here

 

Thank You

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎10-13-2021 01:01 PM

Why did you accept the answer if it doesn't work?

The dashboard code in the answer is not complete.  The snippets provided need to be inserted into the proper places in your XML.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-13-2021 12:01 PM

There's a pretty good example of that in the Dashboards and Visualizations manual at https://docs.splunk.com/Documentation/Splunk/8.2.2/Viz/ContextualDrilldown#Manage_and_respond_to_tok...

The concept is the first query has a <drilldown> element that sets a token value to the clicked cell.  The second query references that token.  The second query won't run until the token is assigned a value (when the user clicks on the table).

<query>index=<<index_name>>   sourcetype=webserver | dedup server_ID | table  server_ID</query>
<drilldown>
  <set token="server_ID">$row.server_ID$</set>
</drilldown>
index=<< index_name>>   "Exception" | where  server_ID= $server_ID$

 

 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎10-13-2021 11:57 AM

This link should get you started.

https://docs.splunk.com/Documentation/Splunk/8.2.2/Viz/ContextualDrilldown

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...