Dashboards & Visualizations

Duplicate labels causing conflict-Drop Down

ashishlal82
Explorer

Authorized_List
This Dashboard presents List of Assets with number of Authorized and Unauthorized files

<panel>
  <title>Number of Authorized And Unauthorized Files by Assets</title>
  <chart>
    <title>Authorized_Files</title>
    <search ref="Authorized_Files"></search>
    <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
    <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
    <option name="charting.axisTitleX.visibility">visible</option>
    <option name="charting.axisTitleY.visibility">visible</option>
    <option name="charting.axisTitleY2.visibility">visible</option>
    <option name="charting.axisX.scale">linear</option>
    <option name="charting.axisY.scale">linear</option>
    <option name="charting.axisY2.enabled">0</option>
    <option name="charting.axisY2.scale">inherit</option>
    <option name="charting.chart">bar</option>
    <option name="charting.chart.bubbleMaximumSize">50</option>
    <option name="charting.chart.bubbleMinimumSize">10</option>
    <option name="charting.chart.bubbleSizeBy">area</option>
    <option name="charting.chart.nullValueMode">gaps</option>
    <option name="charting.chart.showDataLabels">none</option>
    <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
    <option name="charting.chart.stackMode">stacked</option>
    <option name="charting.chart.style">shiny</option>
    <option name="charting.drilldown">all</option>
    <option name="charting.layout.splitSeries">0</option>
    <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
    <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
    <option name="charting.legend.placement">right</option>
  </chart>
</panel>


<panel>
  <input type="dropdown" token="host_tok">
    <label>HostName</label>
    <search>
      <query>index=bigfix sourcetype=software | table HostName</query>
      <earliest>-30d@d</earliest>
      <latest>now</latest>
    </search>
    <fieldForLabel>HostName</fieldForLabel>
    <fieldForValue>HostName</fieldForValue>
  </input>
  <input type="dropdown" token="auth_tok">
    <label>Authorized/Unauthorized</label>
    <search>
      <query>index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_deny=="*deny*") OR (isnull(sha256_allow_or_deny) AND isnull(md5_allow_or_deny)),"Unauthorized","Authorized") |table Hashes_allow_or_deny</query>
    </search>
    <fieldForLabel>Hashes_allow_or_deny</fieldForLabel>
    <fieldForValue>Hashes_allow_or_deny</fieldForValue>
  </input>
  <table>
    <title>Input selections:$host_tok$,$auth_tok$</title>
    <search>
      <query>index=bigfix sourcetype=software |stats values(fileName) by HostName | where HostName=$host_tok$ </query>
      <earliest>0</earliest>
    </search>
    <option name="wrap">undefined</option>
    <option name="rowNumbers">undefined</option>
    <option name="drilldown">row</option>
    <option name="dataOverlayMode">none</option>
    <option name="count">10</option>
  </table>
</panel>
Tags (3)
0 Karma

sundareshr
Legend

Or just add a dedup <<name of the column>> before the table command in the query for each dropdown

0 Karma

vasanthmss
Motivator

Try to change the two of the drop down search query and avoid the duplicates,

Drop down 1:
Original index=bigfix sourcetype=software | table HostName
new index=bigfix sourcetype=software | stats count by HostName

Drop down 2:

original: index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_deny=="*deny*") OR (isnull(sha256_allow_or_deny) AND isnull(md5_allow_or_deny)),"Unauthorized","Authorized") |table Hashes_allow_or_deny

New: index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_deny=="*deny*") OR (isnull(sha256_allow_or_deny) AND isnull(md5_allow_or_deny)),"Unauthorized","Authorized") |stats count by Hashes_allow_or_deny

Note: Only change is in the table command. Instead of table used stats count by

V
0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...