Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Piechart conditional drilldown to open dashboard

mb1226
Explorer
‎02-21-2020 10:11 AM

I'm trying to get a piechart depicting teams to be drillable , opening up the respective team dashboard. I know that my LINK works because of the final conditional. But I can't seem to get any condition to match up the clicked value; everything seems to be acceptable syntax wise but gets ignored. I've searched several topics, and seen several versions but nothing seems to be working for me.

On Splunk Enterprise 7.3.2

        <title>Team Moves for Month to Date</title>
        <search>
          <query>sourcetype=edc source="*dc_*" Direction="*" User!="User" | search CMTeam!=""  | top limit=15 CMTeam</query>
          <earliest>@mon</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <condition match="'click.value2' == &quot;ASAP&quot;">
           <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___asap</link>
          </condition>
          <condition match="'click.value' == &quot;Beacon&quot;">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___beacon</link>
          </condition>
          <condition field="OpTime">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
          <condition field="Anesthesia">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___anethesia</link>
          </condition>
          <condition>
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
        </drilldown>
0 Karma
Reply

mb1226
Explorer
‎02-24-2020 11:23 AM

I've had some mixed success -- appropriate syntax is my confusion point at the moment. I found that I had to do the condition match as follows
<condition match="'click.value'=&quot;ASAP&quot;">
Otherwise it would get ignored.

The CDATA link above I couldn't get to work -- it kept generating pages literally to a url ending in "link" rather than the value of link. Of course that just generated 404 OOPS responses. Again, we seem to have a syntax issue. I don't know why this is unique, but I have seen people use $ prefixes and replace them. I tried but so far, no go.

You're way would be less verbose than my original way seeing as how I could have as many as 80 teams in play eventually. 240 line conditionals for each team panel is a lot of source code. Currently we've only had a handful active teams, but with a hold blocking anything but emergency activity for the moment.

Is there some way to test my system to establish syntax format?

0 Karma
Reply

to4kawa
Ultra Champion
‎02-25-2020 04:51 AM

a url ending in "link"
Not $links$ ?
To work eval statement, You need to click the appropriate cell.
$click.value$ is selected 1st left field, not clicked cell.
$click.value2$ is selected clicked cell value.

0 Karma
Reply

to4kawa
Ultra Champion
‎02-21-2020 02:24 PM

link@SimpleXML
try, <![CDATA[]]>

sample:

<dashboard>
  <label>pie chart drilldown</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_internal
| stats count by sourcetype
| eval count=log(count)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <drilldown>
          <eval token="clicks">upper($click.value$)</eval>
          <link target="_blank">
            <![CDATA[
             https://www.google.com/?q=$clicks$]]>
          </link>
        </drilldown>
      </chart>
    </panel>
  </row>
</dashboard>

recommend:

<title>Team Moves for Month to Date</title>
<search>
<query>sourcetype=edc source="*dc_*" Direction="*" User!="User" CMTeam!=""| top limit=15 CMTeam</query>
<earliest>@mon</earliest>    <latest>now</latest></search>
<option name="charting.chart">pie</option>
<option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<eval token="links">if(in($click.value2$,"ASAP","Beacon","OpTime","Anesthesia"),lower($click.value2$),"optime")</eval>
<link target="_blank">
<![CDATA[
/app/search/epic_data_courier__cm___$links$
]]></link>
</drilldown>
0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...