Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Piechart conditional drilldown to open dashboard

mb1226
Explorer
‎02-21-2020 10:11 AM

I'm trying to get a piechart depicting teams to be drillable , opening up the respective team dashboard. I know that my LINK works because of the final conditional. But I can't seem to get any condition to match up the clicked value; everything seems to be acceptable syntax wise but gets ignored. I've searched several topics, and seen several versions but nothing seems to be working for me.

On Splunk Enterprise 7.3.2

        <title>Team Moves for Month to Date</title>
        <search>
          <query>sourcetype=edc source="*dc_*" Direction="*" User!="User" | search CMTeam!=""  | top limit=15 CMTeam</query>
          <earliest>@mon</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <condition match="'click.value2' == &quot;ASAP&quot;">
           <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___asap</link>
          </condition>
          <condition match="'click.value' == &quot;Beacon&quot;">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___beacon</link>
          </condition>
          <condition field="OpTime">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
          <condition field="Anesthesia">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___anethesia</link>
          </condition>
          <condition>
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
        </drilldown>
0 Karma
Reply

mb1226
Explorer
‎02-24-2020 11:23 AM

I've had some mixed success -- appropriate syntax is my confusion point at the moment. I found that I had to do the condition match as follows
<condition match="'click.value'=&quot;ASAP&quot;">
Otherwise it would get ignored.

The CDATA link above I couldn't get to work -- it kept generating pages literally to a url ending in "link" rather than the value of link. Of course that just generated 404 OOPS responses. Again, we seem to have a syntax issue. I don't know why this is unique, but I have seen people use $ prefixes and replace them. I tried but so far, no go.

You're way would be less verbose than my original way seeing as how I could have as many as 80 teams in play eventually. 240 line conditionals for each team panel is a lot of source code. Currently we've only had a handful active teams, but with a hold blocking anything but emergency activity for the moment.

Is there some way to test my system to establish syntax format?

0 Karma
Reply

to4kawa
Ultra Champion
‎02-25-2020 04:51 AM

a url ending in "link"
Not $links$ ?
To work eval statement, You need to click the appropriate cell.
$click.value$ is selected 1st left field, not clicked cell.
$click.value2$ is selected clicked cell value.

0 Karma
Reply

to4kawa
Ultra Champion
‎02-21-2020 02:24 PM

link@SimpleXML
try, <![CDATA[]]>

sample:

<dashboard>
  <label>pie chart drilldown</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_internal
| stats count by sourcetype
| eval count=log(count)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <drilldown>
          <eval token="clicks">upper($click.value$)</eval>
          <link target="_blank">
            <![CDATA[
             https://www.google.com/?q=$clicks$]]>
          </link>
        </drilldown>
      </chart>
    </panel>
  </row>
</dashboard>

recommend:

<title>Team Moves for Month to Date</title>
<search>
<query>sourcetype=edc source="*dc_*" Direction="*" User!="User" CMTeam!=""| top limit=15 CMTeam</query>
<earliest>@mon</earliest>    <latest>now</latest></search>
<option name="charting.chart">pie</option>
<option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<eval token="links">if(in($click.value2$,"ASAP","Beacon","OpTime","Anesthesia"),lower($click.value2$),"optime")</eval>
<link target="_blank">
<![CDATA[
/app/search/epic_data_courier__cm___$links$
]]></link>
</drilldown>
0 Karma
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...