Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Piechart conditional drilldown to open dashboard

mb1226
Explorer
‎02-21-2020 10:11 AM

I'm trying to get a piechart depicting teams to be drillable , opening up the respective team dashboard. I know that my LINK works because of the final conditional. But I can't seem to get any condition to match up the clicked value; everything seems to be acceptable syntax wise but gets ignored. I've searched several topics, and seen several versions but nothing seems to be working for me.

On Splunk Enterprise 7.3.2

        <title>Team Moves for Month to Date</title>
        <search>
          <query>sourcetype=edc source="*dc_*" Direction="*" User!="User" | search CMTeam!=""  | top limit=15 CMTeam</query>
          <earliest>@mon</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <condition match="'click.value2' == &quot;ASAP&quot;">
           <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___asap</link>
          </condition>
          <condition match="'click.value' == &quot;Beacon&quot;">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___beacon</link>
          </condition>
          <condition field="OpTime">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
          <condition field="Anesthesia">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___anethesia</link>
          </condition>
          <condition>
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
        </drilldown>
0 Karma
Reply

mb1226
Explorer
‎02-24-2020 11:23 AM

I've had some mixed success -- appropriate syntax is my confusion point at the moment. I found that I had to do the condition match as follows
<condition match="'click.value'=&quot;ASAP&quot;">
Otherwise it would get ignored.

The CDATA link above I couldn't get to work -- it kept generating pages literally to a url ending in "link" rather than the value of link. Of course that just generated 404 OOPS responses. Again, we seem to have a syntax issue. I don't know why this is unique, but I have seen people use $ prefixes and replace them. I tried but so far, no go.

You're way would be less verbose than my original way seeing as how I could have as many as 80 teams in play eventually. 240 line conditionals for each team panel is a lot of source code. Currently we've only had a handful active teams, but with a hold blocking anything but emergency activity for the moment.

Is there some way to test my system to establish syntax format?

0 Karma
Reply

to4kawa
Ultra Champion
‎02-25-2020 04:51 AM

a url ending in "link"
Not $links$ ?
To work eval statement, You need to click the appropriate cell.
$click.value$ is selected 1st left field, not clicked cell.
$click.value2$ is selected clicked cell value.

0 Karma
Reply

to4kawa
Ultra Champion
‎02-21-2020 02:24 PM

link@SimpleXML
try, <![CDATA[]]>

sample:

<dashboard>
  <label>pie chart drilldown</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_internal
| stats count by sourcetype
| eval count=log(count)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <drilldown>
          <eval token="clicks">upper($click.value$)</eval>
          <link target="_blank">
            <![CDATA[
             https://www.google.com/?q=$clicks$]]>
          </link>
        </drilldown>
      </chart>
    </panel>
  </row>
</dashboard>

recommend:

<title>Team Moves for Month to Date</title>
<search>
<query>sourcetype=edc source="*dc_*" Direction="*" User!="User" CMTeam!=""| top limit=15 CMTeam</query>
<earliest>@mon</earliest>    <latest>now</latest></search>
<option name="charting.chart">pie</option>
<option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<eval token="links">if(in($click.value2$,"ASAP","Beacon","OpTime","Anesthesia"),lower($click.value2$),"optime")</eval>
<link target="_blank">
<![CDATA[
/app/search/epic_data_courier__cm___$links$
]]></link>
</drilldown>
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...