Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Dashboard: Split field into unknown number of separate fields and be clickable

hvdtol
Path Finder
‎05-25-2021 07:15 AM

Hi there,

I have challenge which i am not sure if this is possible in Splunk.

I have directory data with documents. On a dashboard i show a directory structure

...
| chart c by Directory extention
| addtotals fieldname="Total" labelfield=Directory col=t

Directory          doc    docx  dot Total
DIRA\DIRB     1462  1450 167 3079
Total                  1462  1450 167 3079

The user is able to click on a directory to drilldown and it shows the next subdirectory


Directory                                    doc     docx  dot    Total
DIRA\DIRB\DIRC1                1000   450    167    1617
DIRA\DIRB\DIRC2                462     1000   0        1462
Total                                           1462   1450   167   3079

next..
DIRA\DIRB\DIRC1\DIRX              900    0             166   1066
DIRA\DIRB\DIRC1\DIRY             100     1450      1        1551
Total                                                     1000    1450    167   2617

And so further...

My goal is this:
I would like my output to look like this: separate directory columns in chart lay-out
The reason is i want to be able to go-back to a higher directory level.
And this value should be clickable

dir1   dir2     dir3                   doc      docx  dot   Total
DIRA DIRB  DIRC1              1000    450   167  1617
DIRA DIRB  DIRC2               462      1000  0      1462

Is this somehow possible?

Regards,

Harry

Labels (1)
Labels
Tags (2)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-25-2021 07:21 AM

Hi @hvdtol,

I never used it, I only installed it on my pc to see it, but probably the Treewiz App could solve your need (https://splunkbase.splunk.com/app/5101/).

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...