Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Use "OTHER" value in drilldown search

mztopp
Explorer
‎02-08-2021 10:09 AM

Hello all!

Currently I have a custom drilldown in place that takes a line graph, pulls the time field for earliest (and +1h for latest) and pulls the country associated with the line. This information is used to populate the search with click tokens. i.e. index=mysearch parameters=* | iplocation src_ip | search Country="$token$" | stats count by _time, src_ip, Country ... My hope is to not have to useother=f, but instead find a workaround for Country="OTHER" to understand it means not the other countries in the top 10. Any help is much appreciated!

So, if I were to click the United States line on the graph, all is fine for Country="United States", Canada would be the same success, but OTHER is not an actual value, but a placeholder for the conglomerate of countries that didn't make the top 10. How can I get that to populate as such for the drilldown, but also if a real country is clicked, it would distinguish that as well?

Labels (3)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...