How do code condition in drilldown to open either...

wangkevin1029 · ‎11-02-2022

Hi, Splunkers,

I have the following panel in my dashboard, I need some different drilldown for the following 3 table columns:

a	b	c
1234	abcd	xyz

when I click 1234 (column a), I expect using 1234 as input to open another panel in same dashboard.

when I click abcd or xyz (column b or c ) , I expect using them as input to open different dashboard accordingly.

how to code this condition in drilldown section ?

thx in advance.

Kevin

kamlesh_vaghela · ‎11-02-2022

@wangkevin1029

Are you looking for this condition?

<drilldown>
          <condition field="a">
            <set token="panel_flag">true</set>
          </condition>
          <condition field="b">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
          <condition field="c">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
        </drilldown>

Sample XML.

<dashboard version="1.1">
  <label>DrilldownCondition</label>
  <row>
    <panel>
      <table>
        <search>
          <query>| makeresults 
            | eval _raw="a,b,c
            1234,abcd,xyz" 
            | multikv forceheader=1
            |table a b c</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">50</option>
        <option name="drilldown">cell</option>
        <drilldown>
          <condition field="a">
            <set token="panel_flag">true</set>
          </condition>
          <condition field="b">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
          <condition field="c">
            <link target="_blank">/app/search/bar_chart_drilldown</link>
            <unset token="panel_flag"></unset>
          </condition>
        </drilldown>
      </table>
    </panel>
  </row>
  <row>
    <panel depends="$panel_flag$">
      <chart>
        <search>
          <query>| makeresults | eval _raw="data_source, anomaly_count, database_id
DB1,100,1_0
DB2,50,2_0
DB3,40,3_0" | multikv forceheader=1 | table data_source, anomaly_count, database_id | table data_source, anomaly_count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">bar</option>
        <option name="charting.drilldown">none</option>
      </chart>
    </panel>
  </row>
</dashboard>

I hope this will help you.

Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.

wangkevin1029 · ‎11-02-2022

Kamlesh,

thx you very much for your quick response, I will try it.

Kevin

How do code condition in drilldown to open either a panel in same dashboard or open a different dashboard?

dashboard

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation