Solved: How to setup dashboard drilldown so clicked value ...

jeffreyjewitt · ‎09-04-2014

Hi:

I will admit to getting confused with the advanced simple XML dashboarding.
I currently has a simple 3 form (1 textbox, 1 dropdown and time picker) dashboard that populates a table with data. You can then click on a value in the data, and the results will redirect you to the search app, fill in a query and start searching.
What I would love to have is that same 3 form simple dashboard, but have the results from clicking on a value in the data return below the table, not in a separate page or app.
I believe that this is possible, as it seems to be done by the splunk sos app (drop down for what splunk server to query, and a time picker), and below is a splunk search driven by data selected from a list box. I was looking at the source xml for the SOS app, and getting totally confused as to how it was working.

I've been looking at the documentation for the splunk dashboard_examples app, but it doesn't seem to show that usage case.

Does anyone have any idea if what I want to do is possible, and any tips as to how to go about achieving this?

Thanks for any assistance you could provide

-Jeff

Below is the current dashboard:

<form >

<label >Blah</label >

<fieldset >

    <input type="text" token="memberID" > 

        <label >MemberID</label > 

        <default >*</default > 

        <seed >*</seed > 

    </input >

    <input type="dropdown" token="transactionType" >

        <label >Select a Transaction Type</label >

        <choice value="*" >Any</choice >

    </input >

    <input type="time" token="dashboardTime" searchWhenChanged="true" >

        <label >Timeframe</label >

        <default >

            <earliestTime >@d</earliestTime >

            <latestTime >now</latestTime >

        </default >

    </input >

</fieldset >

<searchTemplate > 

    <seaerch > | stats count(transferID) by transferID | fields transferID

</searchTemplate >

<row >   

    <!-- show results as a table -- >

    <table >

        <option name="showPager" >true</option >

        <option name="count" >20</option >

        <option name="drilldown" >all</option >

            <drilldown >

            <link target="_blank" >

                <![CDATA[/app/search/flashtimeline?q=search%20h<search > $click.value$ earliest="$earliest$" latest="$latest$"]] >

            </link >

        </drilldown >

        <option name="drilldown" >row</option >

    </table >      

</row >

   </form >

akazarov · ‎09-23-2014

Yes this is possible.
1. Upgrade to splunk 6.1.3
2. Install Application "Splunk 6.x Dashboard Examples" (download archive and install in your instance)
3. Check "Contextual Drilldown (In-page)" example. It is pretty simple.

View solution in original post

ygkr · ‎01-23-2017

@akazarov

I saw that example but in my case I need to pass two token values as depends.

with one token its working but its not working for multiple token can u plz help in passing the multiple tokens.

akazarov · ‎09-23-2014

Yes this is possible.
1. Upgrade to splunk 6.1.3
2. Install Application "Splunk 6.x Dashboard Examples" (download archive and install in your instance)
3. Check "Contextual Drilldown (In-page)" example. It is pretty simple.

pradeepkumarg · ‎09-04-2014

You can try

Sideviewutils - Gate module to achieve same page drill down

http://sideviewapps.com/apps/sideview-utils/

OR

If you are running Splunk 6.x you can make use of web framework to develop interactive views.

You can download Web Framework Tool Kit examples from apps.splunk.com

http://apps.splunk.com/app/1613/

How to setup dashboard drilldown so clicked value in table will return results on the same page?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases