How to create a drilldown from several pie charts ...

smhsplunk · ‎06-16-2016

I have several pie charts. I would like to drilldown from each of the pie charts
to the same table in a different view page.

So far I am able to drilldown any value of the piechart to separate tables in the other
page. But to save space, I would like to drilldown to the same table. I am trying
this conditional OR statement, but it seems not to work. Is it the case that
for the search to work, all the tokens in the search should have a value
assigned to it? How to assign a default value to a token? or do I have to use
some eval statement here?

This is the PieChart in View 1 (Similarly I have several other piecharts)

<chart>
      <title>Traffic Locations</title>
        <searchString>index=location source=traffic_locations | fields state_name | top 20 state_name</searchString>
     <option name="charting.chart">pie</option>
        <option name="maxResultCount">200000</option>   

   <drilldown>
    <!--<set token="state_name">$click.value$</set>-->
          <link>
           <![CDATA[
        /app/myapp/myview1_2?form.state_name=$click.value$
            ]]>
           </link>
     </drilldown>

    </chart>

This is search for the table in View 2

 <row>
    <panel>

      <table>
        <search>
          <query>index=location source=traffic_locations 
                | search * (state_name=$form.state_name$ OR zip_code=$form.zip_code$)  <!-- This doesnt work! -->
                | table location, state_name, zip_code, address, quantity  
                | sort by state_name</query>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumber">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">20</option>
        <option name="rowNumbers">false</option>
      </table>
   </panel>
   </row>

Please help. Thanks in advance.

somesoni2 · ‎06-16-2016

Based on your example, for two panels in dashboard 1, state_name pie chart and zip_code pie chart, use following as drilldown URL. Basically make sure each drilldown is passing values to all tokens used in your drilldown table search, with default value as *.

state_name pie chart

<link>
            <![CDATA[
         /app/myapp/myview1_2?form.state_name=$click.value$&for.zip_code=*
             ]]>
</link>

zip_code pie chart

<link>
            <![CDATA[
         /app/myapp/myview1_2?form.state_name=*&for.zip_code=$click.value$
             ]]>
</link>

smhsplunk · ‎06-16-2016

Your Awesome!

I also had to change
(state_name=$form.state_name$ AND zip_code=$form.zip_code$)
from OR to AND.

This makes sense, but now I need to pass default value for all the other piecharts.

jconger · ‎06-16-2016

2 things:

1) You are only passing state_name to view 2.

2) For performance, your search in view 2 should be:

index=location source=traffic_locations (state_name=$form.state_name$ OR zip_code=$form.zip_code$) | table location, state_name, zip_code, address, quantity | sort by state_name

sundareshr · ‎06-16-2016

Try removing the * after search command.

smhsplunk · ‎06-16-2016

That doesnt work. "Search is waiting for input.."

somesoni2 · ‎06-16-2016

Do different pie chart provides different values/token to your drilldown dashboard/panel?

smhsplunk · ‎06-16-2016

Yes, the piecharts shows different columns of the same table in the drilldown.

For the drilldown I have for piechart1

/app/myapp/myview1_2?form.state_name=$click.value$

and then for another piechart

/app/myapp/myview1_2?form.zip_code=$click.value$

similarly several more

How to create a drilldown from several pie charts in Dashboard1 to the same single table in Dashboard2?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor