Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

drilldown based on time

sanjeev
Explorer
‎11-02-2020 02:34 AM

Hi,

the following pic shows the chart in the left hand side,  i want a drilldown based on time when i click on the graph. for example when i click on the spike value-49, i should get all the values for that time when the spike has happened.

sanjeev_0-1604312954421.png

TIA.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 03:11 AM

$click.value$ will give you the value from the x-axis. You can use this to frame your drilldown query

0 Karma
Reply

sanjeev
Explorer
‎11-02-2020 05:13 AM

i am not able to get the drilldown from the x-axis. 

 

This is my code: 

(index=hc_trials OR index=hc_prod) (HCREBOOT) $hubprod$ ($sversion1$) ($region$) $excludetest$

| search version="$form.sversion1$"
| fields + mac resetid deviceid version _time
| bin span=$spanres$ _time
| stats dc(mac) AS devices BY resetid version _time deviceid

| WHERE resetid = "HW"
| timechart sum(devices) span=$spanres$ by version

 

</search>
<option name="charting.axisTitleX.text">Period</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Number of reboots</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisY.abbreviation">auto</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">bottom</option>
<option name="height">302</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<drilldown>
<set token="form.sversion1">$click.value$</set>
</drilldown>

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 05:36 AM

$click.value$ is the corresponding value from the x-axis. What you probably need to is use it to calculate the earliest and latest times for your subsequent panel

        <drilldown>
          <eval token="select_start_hour">relative_time($click.value$, "@h")</eval>
          <eval token="select_end_hour">relative_time($select_start_hour$, "+1h@h")</eval>
        </drilldown>

Then use 

earliest=$select_start_hour$ latest=$select_end_hour$

 Obviously, you may need to adjust the values calculated depending on your need.

0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...