Splunk : Using DrillDown to connect two dashboards

Splunk does provide an option to connect 2 dashboards using drilldown option, that means when we click on any dashboard output it will open linked dashboard rather than search string. We can use drilldown option to map with specific dashboards or can take input from one dashboard and pass as variables to the next one.

  • Using Static Link:-  In order to create the drilldown mapping for any given panel on the dashboard we just simply add the following piece of code replacing mapped dashboard address.

setting drilldown option to all for generic cases

<option name=“drilldown”>all</option>

For Charts: – 

<option name=“charting.drilldown”>all</option>

For Tables: – 

<option name=“drilldown”>cell</option>


<link> /app/APP_NAME/Dashboard_Name </link>


  • Using with fix tokens:-

<option name=“drilldown”>all</option>


<link> /app/APP_NAME/Dashboard_Name?form.tkn_Time.earlier=-60m@m&form.tkn_Time.latest=@m </link>


Here @m will provide start time from start of the minute and again in the latest till the end of last minute.

  • Using dynamic field values:-  We can also use data published in the current dashboard as input for another dashboard. for e.g. we have dashboard providing the summary of placed orders at given time and another dashboard providing details of individual order from order id. Using drilldown we can link this 2 dashboard allowing users to any order data just by clicking order-id rather than searching and opening two dashboards every time.


<drilldown target=“_blank”>

<condition field=“ORDERID”>

<set token=“src_token”>$row.ORDERID$</set>


</condition> </drilldown>


In above examples token values can be changed as per your requriment.


