Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to display a table based on a clicked value of...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sh254087
Communicator
11-04-2022
08:31 AM
I have a table with 1 column and 6 rows which I'll be changing to 1 row and 6 columns using transpose and eventually hide the header using CSS, such that I only have a row of 6 different values, say - A, B, C, D, E, F.
I want to display details related to each of those 6 values based on what value is clicked. The query for each of those 6 values are different and hence I have placed them in separate tables, something like - TableA, TableB,...,TableF.
I have come across <condition/> option but I'm not able to make out how I can use that in this scenario.
Any leads in achieving this will be of great help.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kamlesh_vaghela
SplunkTrust
11-04-2022
10:29 AM
Can you please try this?
<dashboard version="1.1">
<label>Dynamic Depends</label>
<row>
<panel>
<table>
<search>
<query>| makeresults
| eval F="A,B,C,D,E,F",F=split(F,",")
| mvexpand F
| eval H=F
| table H F
| transpose header_field=H
| fields - column</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">cell</option>
<drilldown>
<condition match="$click.value2$=="A"">
<set token="panel_A">$click.value2$</set>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="B"">
<set token="panel_B">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="C"">
<set token="panel_C">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="D"">
<set token="panel_D">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="E"">
<set token="panel_E">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="F"">
<set token="panel_F">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
</condition>
</drilldown>
</table>
</panel>
</row>
<row>
<panel depends="$panel_A$">
<title>Panel A</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_A$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_B$">
<title>Panel B</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_B$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_C$">
<title>Panel C</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_C$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_D$">
<title>Panel D</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_D$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_E$">
<title>Panel E</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_E$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_F$">
<title>Panel F</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_F$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</dashboard>
Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sh254087
Communicator
11-07-2022
03:24 AM
Is there a way that I can accept two solutions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bowesmana
SplunkTrust
11-07-2022
02:37 PM
You can only accept one, but you accepted the right one 😁
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sh254087
Communicator
11-07-2022
03:21 AM
@kamlesh_vaghela KV, Thank you very much for putting an effort into sharing this. It is in detail and very helpful. It just works the way I wanted it to. Thank you very much, again. Appreciate it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bowesmana
SplunkTrust
11-06-2022
09:35 PM
You don't actually need the <condition> block, as you can set/unset tokens with an <eval> token setting method, i.e. using @kamlesh_vaghela example, you can replace the entire condition block with
<drilldown>
<eval token="panel_A">if($click.value2$="A","true",null())</eval>
<eval token="panel_B">if($click.value2$="B","true",null())</eval>
<eval token="panel_C">if($click.value2$="C","true",null())</eval>
<eval token="panel_D">if($click.value2$="D","true",null())</eval>
<eval token="panel_E">if($click.value2$="E","true",null())</eval>
<eval token="panel_F">if($click.value2$="F","true",null())</eval>
</drilldown>Using an IF clause in the eval and setting the token to null() for the false case will unset the corresponding token
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sh254087
Communicator
11-07-2022
03:23 AM
@bowesmana Thank you too, for the refining tip. tried this and this as well worked perfectly. thank you very much, again. Appreciate it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kamlesh_vaghela
SplunkTrust
11-04-2022
10:29 AM
Can you please try this?
<dashboard version="1.1">
<label>Dynamic Depends</label>
<row>
<panel>
<table>
<search>
<query>| makeresults
| eval F="A,B,C,D,E,F",F=split(F,",")
| mvexpand F
| eval H=F
| table H F
| transpose header_field=H
| fields - column</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">cell</option>
<drilldown>
<condition match="$click.value2$=="A"">
<set token="panel_A">$click.value2$</set>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="B"">
<set token="panel_B">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="C"">
<set token="panel_C">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="D"">
<set token="panel_D">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_E"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="E"">
<set token="panel_E">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_F"></unset>
</condition>
<condition match="$click.value2$=="F"">
<set token="panel_F">$click.value2$</set>
<unset token="panel_A"></unset>
<unset token="panel_B"></unset>
<unset token="panel_C"></unset>
<unset token="panel_D"></unset>
<unset token="panel_E"></unset>
</condition>
</drilldown>
</table>
</panel>
</row>
<row>
<panel depends="$panel_A$">
<title>Panel A</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_A$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_B$">
<title>Panel B</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_B$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_C$">
<title>Panel C</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_C$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_D$">
<title>Panel D</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_D$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_E$">
<title>Panel E</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_E$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
<panel depends="$panel_F$">
<title>Panel F</title>
<table>
<search>
<query>| makeresults | eval Message="This is flag $panel_F$"</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</dashboard>
Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.
Get Updates on the Splunk Community!
Join Us for Splunk University and Get Your Bootcamp Game On!
If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...
.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!
.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...
Announcing Scheduled Export GA for Dashboard Studio
We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...
