I am trying to build a decent drilldown option and my current state is the following.
I have a timechart with the number of occurrences of multiple messageIDs.
If I click on one of my bars, I am able to find the three "one-hour-timespans" with the highest count of events. (This way I am trying to get the timespans with the highest possibility of containing the reason for an anomaly.)
The search:
index="myIndex" AND MVSMSG=ICH70001I earliest=$earliest$ latest=$latest$ | timechart COUNT span=1h | sort -COUNT | head 3
But what I'd like is for the events of the three timespans to be displayed when I click on one of the bars.
Is that possible and how? I played around a lot with the map-command and some other things, but it seems I'm not able to do this on my own.
Thanks in advance.