Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do code condition in drilldown to open either a panel in same dashboard or open a different dashboard?

wangkevin1029
Communicator
‎11-02-2022 08:45 AM

Hi, Splunkers, 

 

I have the following panel in my dashboard,  I need some different drilldown for the following 3 table columns:

abc
1234abcdxyz

 

when I click 1234 (column a),  I expect using 1234 as input to open another panel in same dashboard.

when I click abcd  or xyz (column b or c ) , I expect using them as input to open different dashboard accordingly.

how to code this condition in drilldown section ? 

 

thx in advance.

 

Kevin

Labels (1)
Labels
0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎11-02-2022 10:22 AM

@wangkevin1029 

Are you looking for this condition?

<drilldown>
          <condition field="a">
            <set token="panel_flag">true</set>
          </condition>
          <condition field="b">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
          <condition field="c">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
        </drilldown>

 

Sample XML.

 

<dashboard version="1.1">
  <label>DrilldownCondition</label>
  <row>
    <panel>
      <table>
        <search>
          <query>| makeresults 
            | eval _raw="a,b,c
            1234,abcd,xyz" 
            | multikv forceheader=1
            |table a b c</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">50</option>
        <option name="drilldown">cell</option>
        <drilldown>
          <condition field="a">
            <set token="panel_flag">true</set>
          </condition>
          <condition field="b">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
          <condition field="c">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <panel depends="$panel_flag$">
      <chart>
        <search>
          <query>| makeresults | eval _raw="data_source, anomaly_count, database_id
DB1,100,1_0
DB2,50,2_0
DB3,40,3_0" | multikv forceheader=1 | table data_source, anomaly_count, database_id | table data_source, anomaly_count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">bar</option>
        <option name="charting.drilldown">none</option>
      </chart>
    </panel>
  </row>
</dashboard>

 

I hope this will help you.

Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.

0 Karma
Reply

wangkevin1029
Communicator
‎11-02-2022 02:13 PM

Kamlesh, 

 

thx you very much for your quick response, I will try it.

 

Kevin

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...