Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

drilldown based on time

sanjeev
Explorer
‎11-02-2020 02:34 AM

Hi,

the following pic shows the chart in the left hand side,  i want a drilldown based on time when i click on the graph. for example when i click on the spike value-49, i should get all the values for that time when the spike has happened.

sanjeev_0-1604312954421.png

TIA.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 03:11 AM

$click.value$ will give you the value from the x-axis. You can use this to frame your drilldown query

0 Karma
Reply

sanjeev
Explorer
‎11-02-2020 05:13 AM

i am not able to get the drilldown from the x-axis. 

 

This is my code: 

(index=hc_trials OR index=hc_prod) (HCREBOOT) $hubprod$ ($sversion1$) ($region$) $excludetest$

| search version="$form.sversion1$"
| fields + mac resetid deviceid version _time
| bin span=$spanres$ _time
| stats dc(mac) AS devices BY resetid version _time deviceid

| WHERE resetid = "HW"
| timechart sum(devices) span=$spanres$ by version

 

</search>
<option name="charting.axisTitleX.text">Period</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Number of reboots</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisY.abbreviation">auto</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">bottom</option>
<option name="height">302</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<drilldown>
<set token="form.sversion1">$click.value$</set>
</drilldown>

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 05:36 AM

$click.value$ is the corresponding value from the x-axis. What you probably need to is use it to calculate the earliest and latest times for your subsequent panel

        <drilldown>
          <eval token="select_start_hour">relative_time($click.value$, "@h")</eval>
          <eval token="select_end_hour">relative_time($select_start_hour$, "+1h@h")</eval>
        </drilldown>

Then use 

earliest=$select_start_hour$ latest=$select_end_hour$

 Obviously, you may need to adjust the values calculated depending on your need.

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top