Dashboards & Visualizations

How to set up a drilldown within a timechart to search over the selected time and output the data in another panel below?

KindaWorking
Path Finder

I am a splunk/drill down and eval newbie. And I have a quick question.

I would like to have a drill down set up in a dashboard so I can click on a date in a timechart and have another panel lower down in the same dashboard update to show data from the date that I clicked on.

Currently I can pass through the $click.value$ through to a date picker but that will only pass through the earliest. For instance

<drilldown>
          <set token="timefield.earliest">$click.value$</set>
          <set token="form.timefield.earliest">$click.value$</set>
</drilldown>

How do I make it set the timefield.latest as well? I feel like I am missing something really obvious.

The only solution I could think of was to make an eval query and use that, but being a noobie to that I cannot get that to quite work yet either. Also this would not be ideal as the amount of time I want to look at varies depending on the time period I am looking at.

Example of the Eval I was trying to use

|eval $form.placeholder$=timetestearliest+timetest

Thanks

0 Karma
1 Solution

ramdaspr
Contributor

Drilldown has earliest and latest properties which you can use directly

<drilldown>
           <set token="tok_ear">$earliest$</set>
           <set token="tok_lat">$latest$</set>
 </drilldown>

View solution in original post

ramdaspr
Contributor

Drilldown has earliest and latest properties which you can use directly

<drilldown>
           <set token="tok_ear">$earliest$</set>
           <set token="tok_lat">$latest$</set>
 </drilldown>

KindaWorking
Path Finder

Thanks ramdaspr. That is exactly what I was after.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...