Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

charts and drilldown

anjafischer
Path Finder
‎11-21-2013 01:26 AM

Hello,

I am trying to figure out what kind of values can be retrieved from clicking a bar chart for drilldown purposes...

I am having a stacked bar timechart and i want to redirect the user to a more detailed view when he clicks on some things in the chart.
For example: if the user clicks the bar of an application "NZV", then I would like to retrieve the value "NZV" (apparently this is the $click.name2$ because the timechart is grouped by application names. However, I would also need the start and end time that are represented by the chart. From what i found out, $click.value1$ is the starting date and time of the selected bar but I do not know how to get the end time. This is not always after the same interval starting from the start time, because if the user selects different time ranges in that first view, splunk automatically puts the bars into a number of buckets. So a bar could span a da or just 10 minutes, so i would need to get that end time value somehow from teh chart...

Is there a list of drilldown values somewhere?

Tags (2)
0 Karma
Reply

Simon_Fishel
Splunk Employee
Splunk Employee
‎11-29-2013 10:58 AM

You can find a list of drilldown values here:

http://docs.splunk.com/Documentation/Splunk/6.0/Viz/PanelreferenceforSimplifiedXML#link

It sounds like $earliest$ and $latest$ are what you're looking for.

0 Karma
Reply

Simon_Fishel
Splunk Employee
Splunk Employee
‎12-02-2013 08:00 AM

Interesting, in my experiments they were the earliest/latest time of the bar I clicked on, but I didn't have a time range picker on my dashboard, so maybe that changes the behavior.

0 Karma
Reply

anjafischer
Path Finder
‎12-02-2013 03:58 AM

Hi Simon,

thanks for the list. Unfortunately, $earliest$ and $latest$ just give me the time range that was selected in my TimeRangePicker upstream from the chart and the corresponding search. What I'd be interested in is the earliest and latest of a single bar, that I click in the chart...

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...