
Tuesday, April 26, 2016

Splunk Dashboard Drilldown Implementation: Report Linking Example



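One of Splunk's main strengths is that you can get started quickly and design simple business statistics reports (here "report" means a Dashboard). A good analysis approaches the data from several angles, and the simplest logic is to go from broad to narrow, becoming progressively more specific.

At that point a single report usually cannot tell the whole story, so you need specific transitions or links between reports. Splunk's term for this is drilldown.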


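Once a table is built, it usually has a basic default interaction: whatever you click is passed as a variable into a related search, as shown below:

There are three basic types of drilldown; the steps for configuring them are summarized in the figure below:

If you want to drill down to a specific table or dashboard, you have to configure it in the dashboard's XML/HTML source mode. This is a custom drilldown, or what the official documentation calls Dynamic drilldown (reference page: http://docs.splunk.com/Documentation/Splunk/6.2.0/Viz/Understandbasictableandchartdrilldownactions )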


In the XML, the key element of Dynamic drilldown is <drilldown></drilldown>, with three kinds of settings beneath it:

  1. <drilldown> Define custom destinations. Parent element of the other dynamic drilldown elements.
  2. <condition> Specify fields that generate drilldown actions.
  3. <link> Specify a target destination for a detailed search.
  4. <set> Publish global tokens that can be consumed by any other element or search within a dashboard. Use <set> and <unset> when displaying drilldown results on the same dashboard. See Contextual drilldown elements.
  5. <unset> Remove a token that was previously set. Use <set> and <unset> when displaying drilldown results on the same dashboard. See Contextual drilldown elements.

Dynamic drilldown example from the official documentation:
<dashboard>
  <label>Dynamic Drilldown</label> <!-- ###A -->
  <row>
    <panel>
      <table>
        <search>
          <query>index="_internal" | chart count by sourcetype | sort sourcetype</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
        </search>
        <drilldown>
          <link target="_blank">
            /app/MyApp/drilldown_dynamic_target_form?form.src_type_tok=$row.sourcetype$
          </link>
        </drilldown>
        <option name="drilldown">row</option>
      </table>
    </panel>
  </row>
</dashboard>




<form>
  <label>Dynamic Drilldown (Target Form)</label>  <!-- ###B -->
  <description/>
  <fieldset submitButton="false" autoRun="true">
    <input type="text" token="src_type_tok" searchWhenChanged="true">
      <label>Source type</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <title>Source type details</title>
        <search>
          <query>
            index=_internal | timechart span=1week count by $src_type_tok$
          </query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">column</option>
      </chart>
    </panel>
  </row>
</form>


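The official example links ###A to the table computed in ###B. The usage of the linking section <drilldown><link>...</link></drilldown> is explained in the figure below, which I found in a separate official conference document:

The actual configuration is as follows: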
<dashboard>
  <label>Dynamic Drilldown</label>
  <row>
    <panel>
      <table>
        <search>
          <query>index="_internal" | chart count by sourcetype | sort sourcetype</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
        </search>
        <drilldown>
          <link target="_blank">
            /app/<ur_app_name>/<form_name>?form.src_type_tok=$row.sourcetype$            
          </link>
        </drilldown>
        <option name="drilldown">row</option>
      </table>
    </panel>
  </row>
</dashboard>

Also, if you simply want to link to another table or panel, you can use an a href tag:
  <html>     
        <a href="/app/<ur_app_name>/<form_name>">Hyperlink</a>
  </html>
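
Added example (not from the original post or the Splunk documentation): the same dashboard-to-form drilldown with Splunk's token filters applied, so the clicked value is URL-encoded in the link (`|u`) and quoted before it reaches the search (`|s`). The app name `my_app` and the `sourcetype=` filter in the target query are assumptions made for illustration; the two views are separate files.

```xml
<!-- File 1 (source view): each table row links to the target form -->
<dashboard>
  <label>Dynamic Drilldown (encoded link)</label>
  <row>
    <panel>
      <table>
        <search>
          <query>index="_internal" | chart count by sourcetype | sort sourcetype</query>
          <earliest>-7d@h</earliest>
          <latest>now</latest>
        </search>
        <drilldown>
          <!-- |u URL-encodes the clicked value so it cannot add or alter query parameters -->
          <link target="_blank">
            /app/my_app/drilldown_dynamic_target_form?form.src_type_tok=$row.sourcetype|u$
          </link>
        </drilldown>
        <option name="drilldown">row</option>
      </table>
    </panel>
  </row>
</dashboard>

<!-- File 2 (target view, saved as drilldown_dynamic_target_form) -->
<form>
  <label>Dynamic Drilldown (Target Form, quoted token)</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="text" token="src_type_tok" searchWhenChanged="true">
      <label>Source type</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <title>Source type details</title>
        <search>
          <!-- |s wraps the value in quotes so it is read as one value, not as search syntax -->
          <query>
            index=_internal sourcetype=$src_type_tok|s$ | timechart span=1week count
          </query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">column</option>
      </chart>
    </panel>
  </row>
</form>
```

The form token can be set by anyone who edits the text input or the `form.src_type_tok` URL parameter, which is why the target view quotes it rather than trusting the source dashboard alone.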
