sideview chart drilldown to table view

testAnalysis · ‎04-11-2013

I have a stacked column chart that shows up fine but I want the user to be able to click on it and then use post process to display a table view of the results of that click
for example my column chart looks like...

|||||####

if the user clicks on the "|" then it showed display

Table View
|a,|b,|c,|d, how do i enable sideview charts to allow me to click an event and use post process

sideview · ‎04-11-2013

First, in the Sideview Utils documentation, go to

"Key Techniques > Using PostProcess > Introduction" and read the whole section from the beginning.

It's important to know the pitfalls associated with using postprocess before proceeding further. Also make sure you're at least at Sideview Utils version 2.4.5 because the postProcess documentation was greatly improved in that release. http://sideviewapps.com/apps/sideview-utils

Second, here's a simple example of setting up an inline chart drilldown that runs a new search when the chart is clicked.

<!-- EXAMPLE BEGIN -->
<module name="Search" layoutPanel="panel_row2_col1" autoRun="True">
  <param name="search">index=_internal source="*metrics.log" group="per_sourcetype_thruput" | timechart sum(kb) by series</param>
  <param name="earliest">-4h</param>

  <module name="HiddenChartFormatter">
    <param name="charting.chart">column</param>
    <param name="charting.chart.stackMode">stacked</param>

    <module name="JSChart">

      <module name="HTML">
        <param name="html"><![CDATA[
          <h2>Showing max, avg and min eps over time for sourcetype $click.name2$</h2>
        ]]></param>
      </module>
      <module name="Search">
        <param name="search">index=_internal source="*metrics.log" group="per_sourcetype_thruput" $click.searchTerms$ | timechart max(eps) avg(eps) min(eps)</param>
        <param name="earliest">-12h</param>

        <module name="HiddenChartFormatter">
          <param name="charting.chart">line</param>
          <param name="charting.chart.nullValueMode">zero</param>

          <module name="FlashChart"></module>

        </module>
      </module>
    </module>
  </module>
</module>
<!-- EXAMPLE END -->

As far as a general answer to your question, without the details of your search, and without the details of what exactly you're trying to show in the Table below, it's hard to advise you. PostProcess is a pretty advanced technique and aside from saying "combine what you learn on the postProcess page, with what you see in the xml above", it's hard to give an answer that feels definitive.

Can you post your exact search language though and then I can come back and update this answer?

sideview · ‎04-11-2013

Looking at the code in pastebin, you've only gotten as far as the second pie chart and there's nothing beneath it. This means that the second pie chart will not make itself clickable - it has to have something downstream to push to in order to become interactive.

Also note that if you need to use the upper layers as you go, you'll want to use the drilldownPrefix command to change the token prefixes from click to something like click1, click2, click3 etc. That way you can use the $click1.$ and $click2.$ tokens at the same time.

testAnalysis · ‎04-11-2013

right now i managed to create a pie chart that when clicked creates a drill down pie chart. I want to be able to click the second pie chart to create a third pie chart and then on click to the third pie chart it should show me a table. I have attempted to nest the search modules like reading from other docs but when I roll over it won't allow me to click on the second chart to drill down into the third and so on...

I have attached my code below
http://pastebin.com/qcUd5A3f

sideview chart drilldown to table view

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms