Hey,
Pretty new to Splunk here, and I can't seem to find what I'm looking for in the answers page (maybe I'm missing the relevant searches).
I've got data that I'm creating a time chart for. It essentially is a value fed into a logfile every 15 minutes, like this:
CustomerID = 1 ApplicationID = 1 DateTime = 2013-02-01 06:45:00 Location = xxyy Value = 1 MetricName = Number of Transactions
The variables of interest are DateTime and Value. I use the Location to provide further granularity if necessary.
If I've set up a form that does a timechart search, and the default search period is the last week, is there a way to create a drilldown on the data that re-creates the search visualisation across the time range of the selected data? Eg, if I click on one of the bars that shows this metric over the period of a day, can I get the visualisation in my dashboard/form to refresh to the show the results for that day?
For reference, my search string is something like this:
"MetricName = Number of Transactions" | timechart sum(Value) by Location useother=f limit=25