Refine your search:

Cell drilldown sending null

0

I was reading the docs here

and trying to get cell drilldown to work, but not having much luck. I set the value of drilldown to "all" and to "cell" but in either case, the search that is created places "null" in the stringreplace'd search.

Here's the advanced xml I have so far.

          <module name="SimpleResultsTable" layoutPanel="panel_row1_col1">
            <param name="drilldown">cell</param>
            <param name="displayRowNumbers">False</param>
            <module name="HiddenSearch" layoutPanel="panel_row1_col2">
              <param name="search">Successful NOT 172.16.12.* (sourceNetworkAddress != "-" AND sourceNetworkAddress != "127.0.0.1") | lookup dnsLookup ip AS sourceNetworkAddress OUTPUTNEW host AS hostname | stats values(username) as Users by sourceNetworkAddress, hostname | sort -Users | search hostname="$hostname$" | mvexpand Users | table Users</param>
              <module name="ConvertToIntention">
                <param name="intention">
                  <param name="name">stringreplace</param>
                  <param name="arg">
                    <param name="hostname">
                      <param name="value">$click.value$</param>
                    </param>
                  </param>
                </param>
                <module name="SimpleResultsTable" layoutPanel="panel_row1_col2"/>
              </module>
            </module>
          </module>

When I look at the job that is fired off though, I see this

...| sort -Users | search hostname="null" | mvexpand Users |...

Scratching my head trying to figure out how I can get the clicked value into my intention.

The output from the hidden search above it is a table looks like this

sourceNetworkAddress hostname dcUserCnt

172.16.12.234 host3.site.org 2

172.16.12.204 host2.site.org 1

172.16.12.205 host1.site.org 1

And is created with the hidden search 

<param name="search">Successful NOT 172.16.12.* (sourceNetworkAddress != "-" AND sourceNetworkAddress != "127.0.0.1") | lookup dnsLookup ip AS sourceNetworkAddress OUTPUTNEW host AS hostname | stats dc(username) as dcUserCnt by sourceNetworkAddress, hostname | sort -dcUserCnt | search hostname="$hostname$"</param>

asked 28 Sep '10, 19:38

caphrim007's gravatar image

caphrim007
19510
accept rate: 50%

One Answer:
oldestnewestmost voted
4

Well, '$click.value$' is always the cell value from the first column.

Assuming you have a search like 

chart avg(duration) over user by host

and you click on a cell within a table configured with 'cell' drilldown, here's the full description of the keys available downstream:

$click.name$   -- the name of the first column (ie host)
$click.value$  -- the value of the first column, in the row you clicked upon. (bob)
$click.name2$  -- the name of the column clicked upon  (ie host172)
$click.value2$ -- the string value of the cell clicked  upon (ie 95.42)

So perhaps the first column of this table for some reason is actually blank? that's the only thing I can think of. Or maybe it's _time because _time values from chart/table drilldown cannot be used in stringreplace intentions (obscure but known limitation of custom drilldown wiring).

link

answered 28 Sep '10, 20:09

nick's gravatar image

nick ♦
14.2k1318
accept rate: 46%

Captain Obvious to the rescue here; duh Tim. Thanks nick, value was indeed the value of the first column, value2 the next, etc. Dunno how I missed that : )

(28 Sep '10, 20:22) caphrim007
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×91
×15

Asked: 28 Sep '10, 19:38

Seen: 501 times

Last updated: 28 Sep '10, 20:09

Related questions

Disable Chart Legend Drilldown - Keep Chart Cell Drilldown

Disable drilldown on specific cell in SimpleResultsTable

Drilldown with stringreplace intention?

Adding intention to second drilldown search

Can one dropdown be driven by another dropdown in Simple XML

Chart Legend Drilldown

Copyright © 2005-2012 Splunk, Inc. All rights reserved.