alt text
Hello, I'm trying to two drill-down options for my dashboard and in that one to select the platform and the other one is for the environment.
Let say I have platform A and B and in both of them have environment C, D, and E.
I have written as below but output in dashboard is NULL or no data found.
FYI: For a single option it is working fine and I able to see dashboard with values.
</form>
<panel id="dropdown">
<title>Welcome, $username$!</title>
<input type="dropdown" token="tokPlatform" searchWhenChanged="true">
<label>Select Platform</label>
<default>On-prem</default>
<choice value="index=alarms sourcetype=ommc_alarms APPLICATION=Hadoop OR APPLICATION=*Unix*">On-prem</choice>
<choice value="index=alarms sourcetype=ommc_alarms MANAGER_NAME=*.corporate">Cloud-AWS</choice>
<choice value="Null">Cloud-Azure</choice>
</input>
<input type="dropdown" token="tokEnvironment" searchWhenChanged="true">
<label>Select Environment</label>
<default>Prod</default>
<choice value="$tokPlatform$ MANAGER_NAME=prdehdp* OR MANAGER_NAME=prdplhdpx* OR MANAGER_NAME=prdasdp">Prod</choice>
<choice value="$tokPlatform$ APPLICATION=Hadoop AMONAME=dev*">Dev</choice>
<choice value="$tokPlatform$ APPLICATION=Hadoop AMONAME=QAT*">QAT</choice>
</input>
<input type="time" token="field1">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<html>
</html>
</panel>
</row>
<row id="row1">
<panel depends="$alwaysHideCSS$">
<html>
<style>
#countTicketPanel{
width:25% !important;
}
#ticketStatusPanel{
width:75% !important;
}
#row1{
border-radius: 6px;
font-family:"Roboto","Droid","Helvetica Neue",Helvetica,Arial,sans-serif;
text-decoration: none;
margin:auto;
background-color: #ea0a8e;
color: #ea0a8e;
padding: 1px 1px 1px 1px;
border-top: 1px solid #CCCCCC;
border-right: 1px solid #333333;
border-bottom: 1px solid #333333;
border-left: 1px solid #CCCCCC;
position:auto;
}
#row2{
border-radius: 6px;
font-family:"Roboto","Droid","Helvetica Neue",Helvetica,Arial,sans-serif;
text-decoration: none;
margin:auto;
background-color: #ea0a8e;
color: #ea0a8e;
padding: 1px 1px 1px 1px;
border-top: 1px solid #CCCCCC;
border-right: 1px solid #333333;
border-bottom: 1px solid #333333;
border-left: 1px solid #CCCCCC;
position:auto;
}
#dropdown{
border-radius: 6px;
font-size: 12px;
font-family:"Roboto","Droid","Helvetica Neue",Helvetica,Arial,sans-serif;
text-decoration: none;
background-color: #ea0a8e;
color: #ea0a8e;
padding: 6px 8px 6px 8px;
border-top: 1px solid #CCCCCC;
border-right: 1px solid #333333;
border-bottom: 1px solid #333333;
border-left: 1px solid #CCCCCC;
margin:auto;
position:auto;
width:800px;
top:0px;
bottom:0px;
margin-left:-400px;
}
#table1 .splunk-table .splunk-paginator{
position: absolute !important;
top: -2px !important;
padding-left: 45% !important;
#table2 .splunk-table .splunk-paginator{
position: absolute !important;
top: -2px !important;
padding-left: 45% !important;
</style>
</html>
</panel>
<panel id="ticketStatusPanel">
<title>HDP INFRA ALERTS CHART</title>
<chart>
<title>ALERTS SEVERITY</title>
<search>
<query> $tokEnvironment$ | eval compound_exp=AMONAME + "#" + NETWORKELEMENTCODE|timechart span=5m count(compound_exp) BY SEVERITY </query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<refresh>5m</refresh>
<refreshType>delay</refreshType>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisTitleY.text">Count</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.minimumNumber">0</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.chart">column</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.drilldown">all</option>
<option name="charting.fieldColors">{"CRITICAL":0xFF0000,"MINOR":0xFF8000, "MAJOR":0xFF8000}</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
<option name="charting.legend.placement">bottom</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<drilldown>
<set token="clicked_earliest">$earliest$</set>
<set token="clicked_latest">$latest$</set>
<set token="clicked_group">$click.name2$</set>
</drilldown>
</chart>
</panel>
<panel id="countTicketPanel">
<title>TICKET STATUS CHART</title>
<chart>
<title>Ticket status</title>
<search>
<query> $tokEnvironment$ | eval compound_exp=AMONAME + "#" + NETWORKELEMENTCODE |timechart span=4m count(compound_exp) BY TICKET_STATUS</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Count</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.minimumNumber">0</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.chart">column</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.drilldown">all</option>
<option name="charting.fieldColors">{"Assigned":0xF17BF1,"Working":0xFF8000,"Resolved":0xB3E680}</option>
<option name="charting.legend.placement">bottom</option>
<option name="refresh.display">preview</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">large</option>
<drilldown>
<set token="clicked_earliest">$earliest$</set>
<set token="clicked_latest">$latest$</set>
<set token="clicked_group">$click.name2$</set>
</drilldown>
</chart>
</panel>
</row>
<row id="row2">
<panel depends="$alwaysHideCSS$">
<html>
<style>
#t1{
width:40% !important;
}
#t2{
width:60% !important;
}
</style>
</html>
</panel>
<panel id="t2">
<title>Important alerts by severity ($resultcount$)</title>
<table id="table2">
<search>
<query>$tokEnvironment$ AND TICKET_STATUS!="Closed" AND TICKET_STATUS!= "Resolved" | eval compound_exp=AMONAME + "#" + NETWORKELEMENTCODE | rename TTID as Ticket | table Ticket,MANAGER_NAME,SEVERITY,DESCRIPTION,CREATED_DATE,TICKET_STATUS,UPDATE_DATE | dedup Ticket | sort - SEVERITY desc</query>
<earliest>$earliest$</earliest>
<latest>$latest$</latest>
<done>
<eval token="resultcount">$job.resultCount$</eval>
</done>
</search>
<option name="count">10</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
<format type="color" field="SEVERITY">
<colorPalette type="map">{"CRITICAL":#DC4E41,"MINOR":#F8BE34,"MAJOR":0xFF8000}</colorPalette>
</format>
</table>
</panel>
<panel id="t1">
<title>OPEN TICKET STATUS ($resultcount1$)</title>
<table id="table1">
<search>
<done>
<eval token="resultcount1">$job.resultCount$</eval>
</done>
<query> $tokEnvironment$ AND TICKET_STATUS!="Closed" AND TICKET_STATUS!= "Resolved" | rename TTID as Ticket | eval ot = strptime(CREATED_DATE, "%Y-%m-%d %H:%M:%S")
| eval ud = strptime(UPDATE_DATE, "%Y-%m-%d %H:%M:%S")
| eval nowstring=strftime(now(), "%Y-%m-%d %H:%M:%S")
| eval open_status(hr)=tostring((now() - ot), "duration" ) | eval lastactionON(hr)=tostring((now() - ud), "duration" )
| table Ticket,TICKET_STATUS,UPDATE_DATE, open_status(hr), lastactionON(hr) | where TICKET_STATUS!= "Resolved" | dedup Ticket</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="count">10</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
<format type="color" field="TICKET_STATUS">
<colorPalette type="map">{"Assigned":#DC4E41,"Working":#F8BE34 }</colorPalette>
</format>
</table>
</panel>
</row>
<row>
<panel>
<single>
<title>Ticket Solved</title>
<search>
<query> $tokEnvironment$ AND TICKET_STATUS!="Closed" AND TICKET_STATUS!= "Resolved" | dedup TTID | table TICKET_STATUS | where TICKET_STATUS = "Resolved" | stats count</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="colorMode">block</option>
<option name="drilldown">none</option>
<option name="height">50</option>
<option name="rangeColors">["0x53a051","0xdc4e41"]</option>
<option name="rangeValues">[0]</option>
<option name="refresh.display">progressbar</option>
<option name="useColors">1</option>
</single>
</panel>
</row>
</form>![alt text][1]
... View more