Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

drilldown based on time

sanjeev
Explorer
‎11-02-2020 02:34 AM

Hi,

the following pic shows the chart in the left hand side,  i want a drilldown based on time when i click on the graph. for example when i click on the spike value-49, i should get all the values for that time when the spike has happened.

sanjeev_0-1604312954421.png

TIA.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 03:11 AM

$click.value$ will give you the value from the x-axis. You can use this to frame your drilldown query

0 Karma
Reply

sanjeev
Explorer
‎11-02-2020 05:13 AM

i am not able to get the drilldown from the x-axis. 

 

This is my code: 

(index=hc_trials OR index=hc_prod) (HCREBOOT) $hubprod$ ($sversion1$) ($region$) $excludetest$

| search version="$form.sversion1$"
| fields + mac resetid deviceid version _time
| bin span=$spanres$ _time
| stats dc(mac) AS devices BY resetid version _time deviceid

| WHERE resetid = "HW"
| timechart sum(devices) span=$spanres$ by version

 

</search>
<option name="charting.axisTitleX.text">Period</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Number of reboots</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisY.abbreviation">auto</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">bottom</option>
<option name="height">302</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<drilldown>
<set token="form.sversion1">$click.value$</set>
</drilldown>

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 05:36 AM

$click.value$ is the corresponding value from the x-axis. What you probably need to is use it to calculate the earliest and latest times for your subsequent panel

        <drilldown>
          <eval token="select_start_hour">relative_time($click.value$, "@h")</eval>
          <eval token="select_end_hour">relative_time($select_start_hour$, "+1h@h")</eval>
        </drilldown>

Then use 

earliest=$select_start_hour$ latest=$select_end_hour$

 Obviously, you may need to adjust the values calculated depending on your need.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...