How to redirect from a search result to a second s...

abhi04 · ‎02-15-2018

How to redirect from a search result to a second search in a dashboard.
I have a panel in dashboard which displays exceptions count by data centre. Now what I want is that if someone clicks on the data centre exceptions count it should show the count by exceptions and not the entire events.
Can someone help me on this.

493669 · ‎02-15-2018

on clicking on exception count do you want to show in same panel or different panel?
if its different panel then use set token and use token in your query
try this run anywhere search:

<dashboard>
  <label>click test</label>
  <row>
    <panel>
      <table>
        <title>search</title>
        <search>
          <query>index=_internal sourcetype=$count_field$| stats count by sourcetype source</query>
          <earliest>-15m@m</earliest>
          <latest>now</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">true</option>
        <option name="drilldown">row</option>
        <option name="dataOverlayMode">none</option>
        <option name="count">10</option>

        <drilldown>
          <set token="count_field">$click.value$</set>
        </drilldown>
      </table>
    </panel depends="$count_field$">
  </row>
  <row>
    <panel>
      <table>
        <title>$count_field$</title>
        <search>
          <query>index=_internal| stats count by source</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</dashboard>

How to redirect from a search result to a second search in a dashboard?

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability