Dashboards & Visualizations

How do you create a dynamic drilldown on a specific row selection?

mabinn
Explorer

Hello friends,

I have three columns: product_name, item_sold, and receipt_numbers. Only the product name and item sold are being displayed in my dashboard. When I click a graph, I want to be able to get the receipt numbers of that product:

My query lists the third column with a delimiter to combine all the receipt numbers with a "-".

source=xyz | stats count(item_sold) by product_name, delim="-" values(receipt_numbers) as receipts| mvcombine receipts | table product_name, item_sold

   product_name                      item_sold                   receipts

    shampoo                            3                           123-456-789
    soap                               2                           234-543
    detergent                          1                           192
    toothpaste                         4                           111-234-543-232

so based on my query, I produce a graph with product and item sold. When I click on the "item_sold" from the chart, I want to get the "receipt_number" from that field and pass it to my application. For example, if I click on "4" from toothpaste row, I want to get the string "111-234-543-232"

My XML

<query> my query above  <query>

<drilldown>
  <link target="">
      my_application/ <receipt_number_string>
  </link>
</drilldown>

I've read and tried lots of dynamic drilldown but im still lost. Thanks a lot!

0 Karma

harishalipaka
Motivator

hi @mabinn

try below example

<dashboard>
  <label>table_3rows</label>
  <row>
    <panel>
      <table>
        <title>Fruits_first_tabel</title>
        <search>
          <query>|makeresults |eval  product_name="shampoo",item_sold=3,receipts="123-456-789" |append [|makeresults |eval  product_name="soap",item_sold=2,receipts="234-543"]  |append [|makeresults |eval  product_name="toothpaste",item_sold=4,receipts="111-234-543-232"] |table product_name item_sold receipts</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <set token="first">$row.receipts$</set>
        </drilldown>
      </table>
    </panel>
  </row>
  <row depends="$first$">
    <panel>
      <table>
        <title>$first$</title>
        <search>
          <query>|makeresults |eval  product_name="shampoo",item_sold=3,receipts="123-456-789" |append [|makeresults |eval  product_name="soap",item_sold=2,receipts="234-543"]  |append [|makeresults |eval  product_name="toothpaste",item_sold=4,receipts="111-234-543-232"] |where receipts="$first$"|table product_name item_sold receipts</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">row</option>
        <option name="rowNumbers">false</option>
        <drilldown>
          <set token="second">$click.value$</set>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>
Thanks
Harish
0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@mabinn ,
Which visualization are you using? Table?

Happy Splunking!
0 Karma

Justinboucher0
Path Finder

You need to get the receipt number in a token.

Then your parameter will have my_application/$tkn.receipt_number$

0 Karma

mabinn
Explorer

I actually tried doing this but it is not working. I thought this should be the correct answer, but token is not working.

  my_application/ $row. receipts $ 

However, if I use

    <drilldown>
       <link>
          my_application/ $click.value2 $ 
       </link>
    </drilldown>

I am getting: my_application/

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...