Solved: Re: How to set up a drilldown within a timechart t...

KindaWorking · ‎01-11-2015

I am a splunk/drill down and eval newbie. And I have a quick question.

I would like to have a drill down set up in a dashboard so I can click on a date in a timechart and have another panel lower down in the same dashboard update to show data from the date that I clicked on.

Currently I can pass through the $click.value$ through to a date picker but that will only pass through the earliest. For instance

<drilldown>
          <set token="timefield.earliest">$click.value$</set>
          <set token="form.timefield.earliest">$click.value$</set>
</drilldown>

How do I make it set the timefield.latest as well? I feel like I am missing something really obvious.

The only solution I could think of was to make an eval query and use that, but being a noobie to that I cannot get that to quite work yet either. Also this would not be ideal as the amount of time I want to look at varies depending on the time period I am looking at.

Example of the Eval I was trying to use

|eval $form.placeholder$=timetestearliest+timetest

Thanks

ramdaspr · ‎02-02-2015

Drilldown has earliest and latest properties which you can use directly

<drilldown>
           <set token="tok_ear">$earliest$</set>
           <set token="tok_lat">$latest$</set>
 </drilldown>

View solution in original post

ramdaspr · ‎02-02-2015

Drilldown has earliest and latest properties which you can use directly

<drilldown>
           <set token="tok_ear">$earliest$</set>
           <set token="tok_lat">$latest$</set>
 </drilldown>

KindaWorking · ‎02-03-2015

Thanks ramdaspr. That is exactly what I was after.

How to set up a drilldown within a timechart to search over the selected time and output the data in another panel below?

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability