Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trying to pass time range to the splunk search in drilldown table to open in a new window

nithin204
Explorer
‎02-12-2024 10:50 PM

Hi All, 

 

I am trying to pass time variables to the search when I click on a value in drilldown dashbaord. Below is the the source of the dashboard 

 

<form version="1.1">
<label>test12</label>
<fieldset submitButton="false">
<input type="time" token="field1">
<label>Time</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<title>test12</title>
<table>
<search>
<query>index=_internal status=* sourcetype=splunkd
|lookup test12 name AS status OUTPUT value | stats count by value</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="drilldown">row</option>
<option name="refresh.display">progressbar</option>
<drilldown target="_blank">
<set token="drilldown_srch">index=_internal status=* sourcetype=splunkd |lookup test12.csv name as status output value | where value=$row.value$</set>
<link>search?q=$drilldown_srch|u$</link>
</drilldown>
</table>
</panel>
</row>
</form>

I tried adding the time variables in the link as below but no luck

<link>search?q=$drilldown_srch?earliest=$field1.earliest&latest=$field1.latest$|u$</link>

Thanks

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 06:48 AM

Hi @nithin204,

the way to pass a parameter to a drilldown is the one I described, please try this:

<link>search?q=$drilldown_srch|u$$&amp;earliest=$field1.earliest$&amp;latest=$field1.latest$</link>

anyway, usually a drilldown search takes the same time variables of the original.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-12-2024 11:50 PM

Hi @nithin204,

what's the error you have?

anyway the string you're using is correct (I suppose that the second $ was a mistyping), but in the dashboard editor you have to use a different notation for &, you must use &amp;:

<link>search?q=$drilldown_srch?earliest=$field1.earliest$&amp;latest=$field1.latest$|u$</link>

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

nithin204
Explorer
‎02-13-2024 06:42 AM

Hi @gcusello , 

I have to use the second $ as well after drilldown_srch as that is token. 

<link>search?q=$drilldown_srch$?earliest=$field1.earliest$&amp;latest=$field1.latest$|u$</link>

If I skip the second "$" after the drillwon_srch, and if I click the value the new search opens as $drilldown_srch in the search bar in new window. 

 

If I use the $drilldown_srch$ , the search is working correct but it is not taking the time variables. It always have a default of 15mins. 

Thanks 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 06:48 AM

Hi @nithin204,

the way to pass a parameter to a drilldown is the one I described, please try this:

<link>search?q=$drilldown_srch|u$$&amp;earliest=$field1.earliest$&amp;latest=$field1.latest$</link>

anyway, usually a drilldown search takes the same time variables of the original.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 07:11 AM

Hi @nithin204 ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...