How to drilldown from table with specific search?

sdickerson · ‎03-19-2019

I am displaying a table list and I would like to be able to click an individual row in the list and display a chart for latency. Below is my current dashboard code:

Apigee Status Dashboard

<input type="time" token="APITime" searchWhenChanged="true">
  <label>Time</label>
  <default>
    <earliestTime>-7d@d</earliestTime>
    <latestTime>now</latestTime>
  </default>
</input>
<input type="radio" token="envselect">
  <label>Apigee Environment</label>
  <choice value="mock">MOCK</choice>
  <choice value="dev">DEV</choice>
</input> 

<panel>
  <table>
    <title>Apigee HTTP Status Codes</title>
    <searchString>index=apigee host=$envselect$ | eval xStatuscode=coalesce(tonumber('response.status.code'),tonumber('error.status.code'),tonumber('statuscode')) | top limit=0 xStatuscode showperc=f</searchString>
    <earliestTime>$APITime.earliest$</earliestTime>
    <latestTime>$APITime.latest$</latestTime>
    <option name="wrap">true</option>
    <option name="rowNumbers">true</option>
    <option name="dataOverlayMode">none</option>
    <option name="drilldown">cell</option>
    <option name="count">50</option>
  </table>
</panel>  

<panel>
  <table>
    <title>API Proxy List</title>
    <searchString>index=apigee host=$envselect$ | stats count by apiproxy.name</searchString>
    <earliestTime>$APITime.earliest$</earliestTime>
    <latestTime>$APITime.latest$</latestTime>
    <option name="wrap">true</option>
    <option name="rowNumbers">true</option>
    <option name="dataOverlayMode">none</option>
    <option name="drilldown">cell</option>
    <option name="count">50</option>

  </table>
</panel>

In the last section I am generating a list from the apiproxy.name field. What I would like is to be able to drilldown on an individual row and have it display the following chart:

index=apigee sourcetype=_json "apiproxy.name"=GetQuoteServices_v1_Manual | timechart span=1m avg(latencyTarget) avg(latencyProxy) avg(latencyTotal)

I am not really sure where to begin on this as I have never attempted it before. I assume this would be a drilldown but where would I add the notation for it to do this functionality? Any and all help is appreciated.

rajyah · ‎03-20-2019

Hi,

Try checking this: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEUY

Regards,
Raj

pkeenan87 · ‎03-19-2019

You will need to set a token on the drilldown and then create another panel that is dependent on that token, in other words it wont be visible until you click on one of the apiproxy.name fields. Here is some example code (you may need to modify it depending on whether or not you want a line chart etc.):

 <panel>
 <table>
 <title>API Proxy List</title>
 <searchString>index=apigee host=$envselect$ | stats count by apiproxy.name</searchString>
 <earliestTime>$APITime.earliest$</earliestTime>
 <latestTime>$APITime.latest$</latestTime>
 <option name="wrap">true</option>
 <option name="rowNumbers">true</option>
 <option name="dataOverlayMode">none</option>
  <drilldown>
      <set token="showChart">$row.apiproxy.name$</set>
  </drilldown>
 <option name="count">50</option>

 </table>
 </panel>

<panel depends="$showChart$">
  <title>$showChart$</title>
  <chart>
    <search>
      <query>index=apigee sourcetype=_json "apiproxy.name"=$showChart$ | timechart span=1m avg(latencyTarget) avg(latencyProxy) avg(latencyTotal)</query>
      <earliest>-24h@h</earliest>
      <latest>now</latest>
    </search>
    <option name="charting.chart">line</option>
    <option name="charting.drilldown">none</option>
  </chart>
</panel>

You can do most of this through the UI, here is the link to the docs: https://docs.splunk.com/Documentation/Splunk/7.2.4/Viz/ContextualDrilldown

How to drilldown from table with specific search?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases