Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

drilldown based on time

sanjeev
Explorer
‎11-02-2020 02:34 AM

Hi,

the following pic shows the chart in the left hand side,  i want a drilldown based on time when i click on the graph. for example when i click on the spike value-49, i should get all the values for that time when the spike has happened.

sanjeev_0-1604312954421.png

TIA.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 03:11 AM

$click.value$ will give you the value from the x-axis. You can use this to frame your drilldown query

0 Karma
Reply

sanjeev
Explorer
‎11-02-2020 05:13 AM

i am not able to get the drilldown from the x-axis. 

 

This is my code: 

(index=hc_trials OR index=hc_prod) (HCREBOOT) $hubprod$ ($sversion1$) ($region$) $excludetest$

| search version="$form.sversion1$"
| fields + mac resetid deviceid version _time
| bin span=$spanres$ _time
| stats dc(mac) AS devices BY resetid version _time deviceid

| WHERE resetid = "HW"
| timechart sum(devices) span=$spanres$ by version

 

</search>
<option name="charting.axisTitleX.text">Period</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Number of reboots</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisY.abbreviation">auto</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.nullValueMode">zero</option>
<option name="charting.chart.showDataLabels">minmax</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">bottom</option>
<option name="height">302</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<drilldown>
<set token="form.sversion1">$click.value$</set>
</drilldown>

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-02-2020 05:36 AM

$click.value$ is the corresponding value from the x-axis. What you probably need to is use it to calculate the earliest and latest times for your subsequent panel

        <drilldown>
          <eval token="select_start_hour">relative_time($click.value$, "@h")</eval>
          <eval token="select_end_hour">relative_time($select_start_hour$, "+1h@h")</eval>
        </drilldown>

Then use 

earliest=$select_start_hour$ latest=$select_end_hour$

 Obviously, you may need to adjust the values calculated depending on your need.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...