Solved: Re: Why is the condition tag in my drilldown not w...

adityapavan18 · ‎02-04-2015

Hi All
I have a dashboard as following:
Panel 2 is a table I am enabling drilldown on column "general_exception_type" using a condition tag.
I am expecting the drilldown to happen when a value in general_exception_type column is clicked, and nothing should happen when I click any value in count column.

After adding the condition tag, the drilldown is working on the general_exception_type column value when clicked, but when i click on a value in the count column (i expected nothing to happen), it's opening a search window. How do I disable that behavior?

I only need the drilldown to work when clicking on any value in column1 and nothing when clicked on any other value in column.

<dashboard>
      <label>Error Token Dashboard</label>
      <description/>
      <row>
        <panel>
          <single>
            <title>Tokens Found</title>
            <option name="classField">range</option>
            <searchString>index=sample | stats count by general_exception_type | stats count</searchString>
            <earliestTime>@d</earliestTime>
            <latestTime>now</latestTime>
            <option name="drilldown">all</option>
            <option name="beforeLabel">Number Of Error Tokens found in the logs today</option>
            <drilldown>
                <set token="tk">$click.value$</set>
            </drilldown>
          </single>
        </panel>
        <panel>
          <table depends="$tk$">
            <title>Tokens List</title>
            <searchString>index=sample | stats count by general_exception_type</searchString>
            <earliestTime>@d</earliestTime>
            <latestTime>now</latestTime>
            <option name="drilldown">row</option>
            <drilldown>
              <condition field="general_exception_type">
                <set token="exception">$row.general_exception_type$</set>
              </condition>
            </drilldown>
          </table>
        </panel>
      </row>
      <row>
        <panel>
        <event depends="$exception$">
           <title>Token Events</title>
            <searchString>index=sample general_exception_type=$exception$</searchString>
          <earliestTime>@d</earliestTime>
            <latestTime>now</latestTime>
           <option name="drilldown">none</option>
        </event>
        </panel>
      </row>
    </dashboard>

ramdaspr · ‎02-04-2015

The below code will force the other fields to disable drilldown

<drilldown>
<condition field="general_exception_type">
<set token="exception">$row.general_exception_type$</set>
</condition>
<condition field="*">
</condition>
</drilldown>

View solution in original post

ramdaspr · ‎02-04-2015

The below code will force the other fields to disable drilldown

<drilldown>
<condition field="general_exception_type">
<set token="exception">$row.general_exception_type$</set>
</condition>
<condition field="*">
</condition>
</drilldown>

adityapavan18 · ‎02-09-2015

Thank you.

Why is the condition tag in my drilldown not working as expected and how do I fix this behavior?

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...