Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Piechart conditional drilldown to open dashboard

mb1226
Explorer
‎02-21-2020 10:11 AM

I'm trying to get a piechart depicting teams to be drillable , opening up the respective team dashboard. I know that my LINK works because of the final conditional. But I can't seem to get any condition to match up the clicked value; everything seems to be acceptable syntax wise but gets ignored. I've searched several topics, and seen several versions but nothing seems to be working for me.

On Splunk Enterprise 7.3.2

        <title>Team Moves for Month to Date</title>
        <search>
          <query>sourcetype=edc source="*dc_*" Direction="*" User!="User" | search CMTeam!=""  | top limit=15 CMTeam</query>
          <earliest>@mon</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <condition match="'click.value2' == &quot;ASAP&quot;">
           <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___asap</link>
          </condition>
          <condition match="'click.value' == &quot;Beacon&quot;">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___beacon</link>
          </condition>
          <condition field="OpTime">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
          <condition field="Anesthesia">
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___anethesia</link>
          </condition>
          <condition>
            <link target="_blank">https:<fullpath>/app/search/epic_data_courier__cm___optime</link>
          </condition>
        </drilldown>
0 Karma
Reply

mb1226
Explorer
‎02-24-2020 11:23 AM

I've had some mixed success -- appropriate syntax is my confusion point at the moment. I found that I had to do the condition match as follows
<condition match="'click.value'=&quot;ASAP&quot;">
Otherwise it would get ignored.

The CDATA link above I couldn't get to work -- it kept generating pages literally to a url ending in "link" rather than the value of link. Of course that just generated 404 OOPS responses. Again, we seem to have a syntax issue. I don't know why this is unique, but I have seen people use $ prefixes and replace them. I tried but so far, no go.

You're way would be less verbose than my original way seeing as how I could have as many as 80 teams in play eventually. 240 line conditionals for each team panel is a lot of source code. Currently we've only had a handful active teams, but with a hold blocking anything but emergency activity for the moment.

Is there some way to test my system to establish syntax format?

0 Karma
Reply

to4kawa
Ultra Champion
‎02-25-2020 04:51 AM

a url ending in "link"
Not $links$ ?
To work eval statement, You need to click the appropriate cell.
$click.value$ is selected 1st left field, not clicked cell.
$click.value2$ is selected clicked cell value.

0 Karma
Reply

to4kawa
Ultra Champion
‎02-21-2020 02:24 PM

link@SimpleXML
try, <![CDATA[]]>

sample:

<dashboard>
  <label>pie chart drilldown</label>
  <row>
    <panel>
      <chart>
        <search>
          <query>index=_internal
| stats count by sourcetype
| eval count=log(count)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.chart">pie</option>
        <option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
        <drilldown>
          <eval token="clicks">upper($click.value$)</eval>
          <link target="_blank">
            <![CDATA[
             https://www.google.com/?q=$clicks$]]>
          </link>
        </drilldown>
      </chart>
    </panel>
  </row>
</dashboard>

recommend:

<title>Team Moves for Month to Date</title>
<search>
<query>sourcetype=edc source="*dc_*" Direction="*" User!="User" CMTeam!=""| top limit=15 CMTeam</query>
<earliest>@mon</earliest>    <latest>now</latest></search>
<option name="charting.chart">pie</option>
<option name="charting.seriesColors">[0x0066FF,0xFFCC00,0xFF3300,0x009933,0x009999,0x9900CC,0x000000,0xCC0000,0x000099,0x00CC00,0x33ADFF,0xFF00FF]</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<eval token="links">if(in($click.value2$,"ASAP","Beacon","OpTime","Anesthesia"),lower($click.value2$),"optime")</eval>
<link target="_blank">
<![CDATA[
/app/search/epic_data_courier__cm___$links$
]]></link>
</drilldown>
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...