- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Help on Dynamic Dashboard Drilldown
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help on Dynamic Dashboard Drilldown
Hi, in my dashboard I use the search below:
[| inputlookup host.csv
| table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process"
| bucket _time span=3m
| where process_cpu_used_percent>80
| dedup host process_name
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| search SITE=$tok_filtersite|s$
| stats count(process_name) as Total by host
| sort -Total limit=10
When I click on the result panel, I open a drilldown
The code of the drilldown is :
[| inputlookup host.csv
| table host] index="ai-wkst-perfmon-fr" sourcetype="perfmonmk:process"
| bucket _time span=3m
| where process_cpu_used_percent>80
| dedup host process_name
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE COUNTRY TOWN ROOM | eval time = strftime(_time, "%m/%d/%Y %H:%M")
| stats latest(time) as time values(COUNTRY) as COUNTRY, values(TOWN) as TOWN, values(SITE) as SITE, values(ROOM) as ROOM, count(process_name) as Total by host
| sort -Total
I need to update automatically the data in my drilldown from the data filtered on the main dashboard
It means that I need to retrieve the fields SITE already used in the main dashboard
How to do this?
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is anybody cant help me please??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the advanced parameter of the dashboard source, I have done :
SITE = $tok_filtersite|s$
And in the destination dashboard (drilldown), I have done :
| where SITE=$SITE$
It seems to work except when I choose * in the dropdown list instead a specific SITE
In this case, when I click on the dashboard source, I have an empty result in the dashboard destination......
What is the problem please??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is anybody for helping me please?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@jip31,
If you wish to display the same event(result) from panel query and drill-down query. Then i believe, you need to add below filter in drill-down query ..
correct me if i misunderstand your requirement..
| search SITE=$tok_filtersite|s$
Thanks ..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried this but when I m doing this in my drill I have the message : the search is waiting for entries
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to my mind there is something to do in advanced parameters but i dont succeed
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
