Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is Firewall Dashboard dropdown not triggering any data?

cpsec
Loves-to-Learn Lots
‎06-21-2023 12:05 PM

Hello,

I'm new to Splunk and currently working on a firewall dashboard. I'm encountering issues with the coding, specifically regarding a dropdown firewall panel. My goal is to create a dropdown menu that lists 33 different firewalls, and when a firewall is selected, other panels should display the corresponding data. However, I'm facing a problem where selecting a firewall doesn't trigger any data to appear. I'm wondering if there's something missing or if I made a mistake in my implementation. Additionally, I have 333 host types, and I'm unsure of the best way to condense them into a single field.

Below, you'll find the code for my firewall dropdown menu and a total result panel. Any assistance would be greatly appreciated.

Thank you kindly.

<panel>
<input type="dropdown" token="firewall_token" searchWhenChanged="true">
<label>Search by Firewall:</label>
<choice value="All">All Firewalls</choice>
<choice value="ais-fw-a">Firewall 1</choice>
<choice value="ais-fw-b">Firewall 2</choice>
<!-- Add more choices for different firewalls -->
</input>
</panel>

<panel>
<title>Total Results</title>
<chart>
<search>
<query>
index=firewalls earliest="$time_earliest$" latest="$time_latest$"
| stats count by source
</query>
</search>
<option name="charting.chart">bar</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">all</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisMiddle</option>
</chart>
</panel>

Labels (3)
Labels
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-21-2023 01:40 PM

Have you run the Total Result query in a search window to verify it returns results?  If the source field is null then stats will return nothing.  Also, verify the time_earliest and time_latest tokens exist.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

cpsec
Loves-to-Learn Lots
‎06-22-2023 07:04 AM

Indeed, I have confirmed that all the fields are functioning correctly and returning data when searched. However, I'm encountering difficulties with the functionality that allows me to switch between different firewalls and display the corresponding data for the selected firewall. Despite my efforts, this aspect of the dashboard is not functioning as expected.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-22-2023 01:25 PM

Please tell us more about these difficulties you're having.  What exactly are you doing, what do you expect to happen and what actually happens?  Is "Search on Change" enabled?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...