Spread our blog

Drilldown On Linechart Based On “Time”

Today we are back with another trick, today we will create a line chart visualization with “_time” field in the X-axis and  then we will try to pass the values of  “_time” field values using drill-down.

Step 1:
We have used the below query as our main panel.

index="_internal"  sourcetype=splunkd_ui_access
| timechart span=1h@h count(method) by status

1

Explanation:
Here we took data from “_internal” index and sourcetype name is “splunkd_ui_access” . Then we have used “timechart” command to fetch the count of method field values group by status field values on the basis of time. Also set the span of one hour.
Then we have saved this query in a dashboard called “New Dashboard”, and we have changed the visualization into a “Line chart”.

2

Step 2:
Our next job is to create a panel for drill-down, where we have used the same query as the main panel.

index="_internal"  sourcetype=splunkd_ui_access
| timechart span=1h@h count(method) by status

After that, we have added that to the existing dashboard as our drill down panel.
Step 3:
Now go to the dashboard and click on “Edit” and go to the Source code and make the following changes as shown below.

3

Explanation:
At 1st to enable the drill-down, set the following “option” tag as “all”.
Then within the drill-down tag, we have created two tokens for the “earliest” and “latest”, these two tokens are responsible for the following task.
Then within the drill-down panel add ‘depends=”$jnl_mb_earliest$” ’ to hide the panel. The following drill-down panel will only show whenever “jnl_mb_earliest” token will set to true.
And finally, add the tokens within the search query of the drill-down panel as earliest=”$jnl_mb_earliest$” latest=”$jnl_mb_latest$”.

NOTE: $earliest$ - earliest time for the clicked chart segment.
      $latest$ - latest time for the clicked chart segment.

Now save this and refresh the dashboard.
Now take a look.

You can also know about :  How to Display Custom Message in Place of "No results found." in SPLUNK Dashboard

4
Whenever you will click at any point of the line chart, drill-down panel will open below and it will show the data only for that particular time.

 
Happy Splunking!!

What’s your Reaction?
+1
1
+1
+1
1
+1
+1
+1
+1

Spread our blog

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here