How do code condition in drilldown to open either...

wangkevin1029 · ‎11-02-2022

Hi, Splunkers,

I have the following panel in my dashboard, I need some different drilldown for the following 3 table columns:

a	b	c
1234	abcd	xyz

when I click 1234 (column a), I expect using 1234 as input to open another panel in same dashboard.

when I click abcd or xyz (column b or c ) , I expect using them as input to open different dashboard accordingly.

how to code this condition in drilldown section ?

thx in advance.

Kevin

kamlesh_vaghela · ‎11-02-2022

@wangkevin1029

Are you looking for this condition?

<drilldown>
          <condition field="a">
            <set token="panel_flag">true</set>
          </condition>
          <condition field="b">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
          <condition field="c">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
        </drilldown>

Sample XML.

<dashboard version="1.1">
  <label>DrilldownCondition</label>
  <row>
    <panel>
      <table>
        <search>
          <query>| makeresults 
            | eval _raw="a,b,c
            1234,abcd,xyz" 
            | multikv forceheader=1
            |table a b c</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">50</option>
        <option name="drilldown">cell</option>
        <drilldown>
          <condition field="a">
            <set token="panel_flag">true</set>
          </condition>
          <condition field="b">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
          <condition field="c">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <panel depends="$panel_flag$">
      <chart>
        <search>
          <query>| makeresults | eval _raw="data_source, anomaly_count, database_id
DB1,100,1_0
DB2,50,2_0
DB3,40,3_0" | multikv forceheader=1 | table data_source, anomaly_count, database_id | table data_source, anomaly_count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">bar</option>
        <option name="charting.drilldown">none</option>
      </chart>
    </panel>
  </row>
</dashboard>

I hope this will help you.

Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.

wangkevin1029 · ‎11-02-2022

Kamlesh,

thx you very much for your quick response, I will try it.

Kevin

How do code condition in drilldown to open either a panel in same dashboard or open a different dashboard?

dashboard

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Are you a member of the Splunk Community?

How do code condition in drilldown to open either a panel in same dashboard or open a different dashboard?

dashboard

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases