Version:

Customizable Drilldown from Dashboard Widgets

Customizable drill-down options are available in dashboard widgets. You can get more information from your search queries. Using drill down in your dashboard widgets lets you look at specific details of query results.

For example, when viewing results that include the destination_address, destination_port, source_address, and source_port in the query you can drill down in each individual parameter.

Here are two scenario examples.

Non-Empty Search from Widget

A widget with the following search query:

destination_address=* | timechart count() by destination_port
../../_images/LP_DB_CDDW_NESW_Widget1.png

The query results are displayed as a graph.

../../_images/LP_DB_CDDW_NESW_Widget2.png

You can toggle between edit and non-edit mode. In edit mode, you can select the graph type, for example Clustered Line Chart, Stacked Column Chart, and Tables. In non-edit mode, you can drill down.

../../_images/LP_DB_CDDW_NESW_Widget_EditMode.png

Edit and Non Edit Mode

Select destination_port: 80 and count(): 3 for to drill down.

../../_images/LP_DB_CDDW_NESW_Widget_Drilldown.png

Drilldown

When you click on the highlighted result, you get the option to drill down one of the following specific parameters:

  1. Filter

  2. Drill down by

  3. Top 10 drill-down by

../../_images/LP_DB_CDDW_NESW_Widget_HighlightedSection.png

The Filter drilldown searches on Range, destination_port and count(). The Drilldown by and Top 10 drill-down searches for the destination_address.

The results of all three drilldown types can be opened and viewed in the same window or a new window. Enable Range.

../../_images/LP_DB_CDDW_NESW_Widget_HighlightedSection_Filter.png

When drilling down on the Range value, the results opens on the same page.

../../_images/LP_DB_CDDW_NESW_Widget_HighlightedSection_SearchResult.png

When drilling down on “destination_port”=138, the results for the destination port opens in the same page.

../../_images/LP_DB_CDDW_NESW_Widget_HighlightedSection_SearchResult_Drilldown1.png

Drill down on destination_port

When the drilling down is carried out on “count()”=3, the search results for the count open on the same page.

../../_images/LP_DB_CDDW_NESW_Widget_HighlightedSection_SearchResult_Drilldown2.png

Drill down on count()

When drilling down on destination_address, the results open in the same page.

../../_images/LP_DB_CDDW_NESW_Widget_HighlightedSection_SearchResult_Drilldown3.png

Drill down on destination_address

When drilling down on the destination_address, the results open in the same page.

../../_images/LP_DB_CDDW_NESW_Widget_HighlightedSection_SearchResult_Drilldown4.png

Top 10 Drilldown by destination_address

Empty Search from Widget

This widget has no search query.

../../_images/LP_DB_CDDW_NESW_CreateWidget.png

A blank query looks like this.

../../_images/LP_DB_CDDW_ESW_Widget1.png

The results of a blank query are only the logs collected for the specified range of time, no graphs. You can refine the search query by clicking the on specific parts of the search results, for example key-value pair, or a raw log message. This starts a of search based on the selected parameter.

For example, if you click syslog:

../../_images/LP_DB_CDDW_ESW_Widget2.png

This opens the search result of the query “col_type”=”syslog”. The graph used depends on what you select.

../../_images/LP_DB_CDDW_ESW_Widget2_SearchResult.png

Now you can drill down. When you hover a specific part of the search results, you can drill down to get more details.

../../_images/LP_DB_CDDW_ESW_Widget2_SearchResult_Tooltip.png
../../_images/LP_DB_CDDW_ESW_Widget2_SearchResult_Filter.png
Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support