Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Help on Dynamic Dashboard Drilldown

jip31
Motivator
‎06-11-2019 05:26 AM

Hi, in my dashboard I use the search below:

  [| inputlookup host.csv 
        | table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process" 
    | bucket _time span=3m 
    | where process_cpu_used_percent>80 
    | dedup host process_name 
    | lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE 
    | search SITE=$tok_filtersite|s$ 
    | stats count(process_name) as Total by host
    | sort -Total limit=10

When I click on the result panel, I open a drilldown
The code of the drilldown is :

[| inputlookup host.csv 
    | table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process" 
| bucket _time span=3m 
| where process_cpu_used_percent>80 
| dedup host process_name 
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE COUNTRY TOWN ROOM | eval time = strftime(_time, "%m/%d/%Y %H:%M") 
| stats latest(time) as time values(COUNTRY) as COUNTRY, values(TOWN) as TOWN, values(SITE) as SITE, values(ROOM) as ROOM, count(process_name) as Total by host
| sort -Total

I need to update automatically the data in my drilldown from the data filtered on the main dashboard
It means that I need to retrieve the fields SITE already used in the main dashboard
How to do this?
Thank you.

0 Karma
Reply

jip31
Motivator
‎06-11-2019 10:11 PM

is anybody cant help me please??

0 Karma
Reply

jip31
Motivator
‎06-12-2019 12:07 AM

In the advanced parameter of the dashboard source, I have done :
SITE = $tok_filtersite|s$
And in the destination dashboard (drilldown), I have done :
| where SITE=$SITE$
It seems to work except when I choose * in the dropdown list instead a specific SITE
In this case, when I click on the dashboard source, I have an empty result in the dashboard destination......
What is the problem please??

0 Karma
Reply

jip31
Motivator
‎06-16-2019 07:52 AM

Is anybody for helping me please?

0 Karma
Reply

Shan
Builder
‎06-11-2019 05:37 AM

@jip31,

If you wish to display the same event(result) from panel query and drill-down query. Then i believe, you need to add below filter in drill-down query ..
correct me if i misunderstand your requirement..

| search SITE=$tok_filtersite|s$

Thanks ..

0 Karma
Reply

jip31
Motivator
‎06-11-2019 05:53 AM

I tried this but when I m doing this in my drill I have the message : the search is waiting for entries

0 Karma
Reply

jip31
Motivator
‎06-11-2019 10:09 AM

to my mind there is something to do in advanced parameters but i dont succeed

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...