Splunk Search

charts and drilldown

anjafischer
Path Finder

Hello,

I am trying to figure out what kind of values can be retrieved from clicking a bar chart for drilldown purposes...

I am having a stacked bar timechart and i want to redirect the user to a more detailed view when he clicks on some things in the chart.
For example: if the user clicks the bar of an application "NZV", then I would like to retrieve the value "NZV" (apparently this is the $click.name2$ because the timechart is grouped by application names. However, I would also need the start and end time that are represented by the chart. From what i found out, $click.value1$ is the starting date and time of the selected bar but I do not know how to get the end time. This is not always after the same interval starting from the start time, because if the user selects different time ranges in that first view, splunk automatically puts the bars into a number of buckets. So a bar could span a da or just 10 minutes, so i would need to get that end time value somehow from teh chart...

Is there a list of drilldown values somewhere?

Tags (2)
0 Karma

Simon_Fishel
Splunk Employee
Splunk Employee

You can find a list of drilldown values here:

http://docs.splunk.com/Documentation/Splunk/6.0/Viz/PanelreferenceforSimplifiedXML#link

It sounds like $earliest$ and $latest$ are what you're looking for.

0 Karma

Simon_Fishel
Splunk Employee
Splunk Employee

Interesting, in my experiments they were the earliest/latest time of the bar I clicked on, but I didn't have a time range picker on my dashboard, so maybe that changes the behavior.

0 Karma

anjafischer
Path Finder

Hi Simon,

thanks for the list. Unfortunately, $earliest$ and $latest$ just give me the time range that was selected in my TimeRangePicker upstream from the chart and the corresponding search. What I'd be interested in is the earliest and latest of a single bar, that I click in the chart...

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...