How to Create Multi-Link Drilldown from a Stacked Column Chart in Splunk
Hi guys !!
We have come with another interesting of Splunk. In order to making our dashboards more attractive we create drilldown in Splunk . There are lots of options with drilldown in Splunk.
You all have seen the stack option while formatting the column chart in dashboard. Now we will show you how to pass the values from stacked column chart depending upon your click.
Step 1 :
Make a dashboard with column chart visualization in stacked format. Dashboard name is Multi_Link_Drilldown. The query for main dashboard is given below.
index=_internal file=shelper OR file=control OR file=splunkd
| timechart span=1d count(status) by file
Step 2:
Create separate dashboards which you want to make dependent upon the main dashboard. Here we have created three dashboards. Those are following
Control_Drilldown
Query for the Control_Drilldown dashboard is given below.
index=_internal file=control
| stats count by sourcetype
Splunkd_Drilldown
Query for the Splunkd_Drilldown dashboard is given below.
index=_internal file=splunkd
| stats count by clientip
| sort – count
Shelper_Drilldown
Query for the Shelper_Drilldown dashboard is given below.
index=_internal file=shelper
| stats count
Step 3:
Now edit the source code of main dashboard. Click on Edit and the then click on Source.
Step 4:
Now edit the source code of main dashboard as follows.
<drilldown>
<link field=”shelper” target=”_blank”>/app/search/shelper_drilldown?shelper_token=$click.name2$</link>
<link field=”splunkd” target=”_blank”>/app/search/splunkd_drilldown?splunkd_token=$click.name2$</link>
<link field=”control” target=”_blank”>/app/search/control_drilldown?control_token=$click.name2$</link>
</drilldown>
Here in stacked mode every portion is a field name so inside the link tag we have given field name for each portion by field attribute and by the target attribute links will be opened in a new tab.
After that we have to give the url of the dependent dashboards. As we have mentioned in the Step 2 by red rectangular boxes.
For Control_Drilldown dashboard url will be /app/search/control_drilldown
For Splunkd_Drilldown dashboard url will be /app/search/splunkd_drilldown
For Shelper_Drilldown dashboard url will be /app/search/shelper_drilldown
Also you have to pass the token values depending upon click so we have given token names and action is will be $click.name2$ . By the $click.name2$ field names will pass.
For Control_Drilldown dashboard token name will be control_token.
For Splunkd_Drilldown dashboard token name will be splunkd_token.
For Shelper_Drilldown dashboard token name will be shelper_token.
Also make sure that <option name=”charting.drilldown”>all</option> set as all . If not then set as all.
After making changes into the source code click on Save button to save the changes. Now if you click any portion of a particular column then depending upon your click dashboards will be opened in a new tab.
Step 5:
You have to pass the token inside the panels to get the data depending upon the token value.
For Control_Drilldown dashboard click on Edit button in Control_Drilldown dashboard and then click on Edit Search option in the panel. Modify the query as follow.
Click on Apply button and then click on Save to save the changes. Here control_token is the token name which we have given in the main dashboard . Token should be enclosed by “$” sign.
For Splunkd_Drilldown dashboard click on Edit button in Splunkd_Drilldown dashboard and then click on Edit Search option in the panel. Modify the query as follow.
Click on Apply button and then click on Save to save the changes. Here splunkd_token is the token name which we have given in the main dashboard . Token should be enclosed by “$” sign.
For Shelper_Drilldown dashboard click on Edit button in Shelper_Drilldown dashboard and then click on Edit Search option in the panel. Modify the query as follow.
Click on Apply button and then click on Save to save the changes. Here shelper_token is the token name which we have given in the main dashboard . Token should be enclosed by “$” sign.
Hope this has helped you in achieving the below requirement without fail:
How to Create Multi-Link Drilldown from a Stacked Column Chart in Splunk
Happy Splunking !!
Hi,
Can you create a post clearly explaining the tokens in splunk like $click.name2$, $click.value$ etc. ?
Yes Kiran, we are on it
hey is this possible with table where let say under host column there are 3 different host webhost dbhost infrahost
so if i click on webhost it should go to web dependant dashboard and so on..