- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Sideview Utils: Why is the Table Module inline dri...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sideview Utils: Why is the Table Module inline drilldown loading a child table upon clicking a row, but all other parent table rows disappear?
There is html embedded in a column inside SideView Table module. The table is refreshing within a real-time search module. There is another child Table inside this Table module which is expected to appear when we click on a row in the parent Table.
The issue is, upon clicking a row, the child table successfully gets loaded, but all the rows other than the clicked row in parent table disappear.
Please note that the parent search is run from a real-time search.
The same source works as expected if the parent search is static, not real-time.
The source XML is pasted below. Any help would be appreciated. Thanks.
<module name="Search">
<param name="search">
index=summary source=*_svc_* NOT [|inputlookup ludef_excluded_appId |rename AppId as appId]
| eval reason=status . " " . reasonCode
| stats c(eval(status=="Red")) as redCount,c(eval(status=="Yellow")) as yellowCount,c(eval(status=="Green")) as greenCount, values(reason) as reason
by appId, serviceName
</param>
<param name="earliest">rt-30min</param>
<param name="latest">rt</param>
<module name="PostProcess">
<param name="search">
| stats sum(redCount) as redCount, sum(yellowCount) as yellowCount, sum(greenCount) as greenCount, values(reason) as reason
by appId
| eval status=case(redCount>0 ,"Red",redCount=0 AND yellowCount>0,"Yellow",1==1,"Green")
| mvexpand reason
| eval statusmv = split(reason," ")
| eval statussv=mvindex(statusmv,0)
| where statussv=status
| eval statusreason=mvindex(statusmv,1)
| lookup ludef_status_reason reasonCode as statusreason OUTPUT shortDescription
| stats values(shortDescription) as rdesc by appId, status
| eval rshortdesc=mvjoin(rdesc,", ")
| eval sequence=case(status="Red","0",status="Yellow","1",status="Green","2")
| eval color=case(status="Red","Red",status="Yellow","#FFC200",status="Green","Green")
| search status $varStatus$
| lookup ludef_appId_appName appId OUTPUT appName
| table status, appId, appName, rshortdesc,color,sequence
| rename status as "Status", appId as "AppId", appName as "Name", rshortdesc as "Status Reason"
| sort sequence
</param>
<module name="Table" layoutPanel="panel_row1_col1">
<param name="hiddenFields">color,sequence</param>
<module name="HTML" group="row.fields.Status">
<param name="html">
<![CDATA[<svg height="20" width="20" >
<circle cx="12" cy="12" r="7" fill="$row.fields.Status$" />
</svg>
]]>
</param>
</module>
<module name="PostProcess">
<param name="search">
| search appId="$row.fields.AppId$"
| stats sum(redCount) as redCount, sum(yellowCount) as yellowCount, sum(greenCount) as greenCount, values(reason) as reason
by serviceName
| eval status=case(redCount>0 ,"Red",redCount=0 AND yellowCount>0,"Yellow",1==1,"Green")
| mvexpand reason
| eval statusmv = split(reason," ")
| eval statussv=mvindex(statusmv,0)
| where statussv=status
| eval statusreason=mvindex(statusmv,1)
| lookup ludef_status_reason reasonCode as statusreason OUTPUT shortDescription
| stats values(shortDescription) as rdesc by serviceName, status
| eval rshortdesc=mvjoin(rdesc,", ")
| eval sequence=case(status="Red","0",status="Yellow","1",status="Green","2")
| rename status as "Status", serviceName as "Service", rshortdesc as "Status Reason"
| table Status, Service, "Status Reason", sequence
| sort sequence
</param>
<module name="Pager">
<param name="count">15</param>
<module name="Table">
<param name="hiddenFields">sequence</param>
<module name="HTML" group="row.fields.Status">
<param name="html">
<![CDATA[<svg height="20" width="20" >
<circle cx="12" cy="12" r="7" fill="$row.fields.Status$" />
</svg>]]>
</param>
</module>
<module name="Redirector">
<param name="arg.varAppId">$row.fields.AppId$</param>
<param name="arg.varService">$row.fields.Service$</param>
<param name="url">vw_spot_domain_service</param>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry for the delay replying. Although it doesn't say this in the docs, and it should, this configuration won't work with the current code. You're correct in tracking it to the real-time nature of the master search. The table module doesn't have any intelligence in it to help resolve the real time search telling to clear results and re-render, and the active selected row. Why it does what it does, I'm not exactly sure. I can look into it.
If the table were to re-render, and the selected row were to become unselected, but the child table underneath would continue to display, regardless of whether the selected row was still present in the master table, would that be OK for you? Thanks.
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
