Hi,
I would like to automate the search results according to the sourcetype but also according to the source IP address.
The code:
<form>
Have you any idea?
Try this
<form>
  <label>Dynamic Source</label>
  <fieldset autoRun="true">
    <input type="dropdown" token="sourcetype" searchWhenChanged="false">
      <label>Sourcetype</label>
      <choice value="*">All</choice>
      <default>*</default>
      <populatingSearch fieldForValue="sourcetype" fieldForLabel="sourcetype">
        <![CDATA[|metadata type=sourcetypes index=* | stats count by sourcetype]]>
      </populatingSearch>
    </input>
    <input type="text" token="ipAddress">
      <label>IP Address(format XXX.XXX.XXX.XXX)</label>
      <default />
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>Top 5 source</title>
        <searchString>index=* sourcetype="$sourcetype$" src="$ipAddress$"| stats sum(sent) as send sum(rcvd) as receive by dst | sort - send,receive | head 10 </searchString>
      </table>
    </panel>
  </row>
</form>
Again thanks.
Yes, it's true, a textbox would be more practical.
You want a dropdown for source IPs or a textbox (manual input)?