Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why is Firewall Dashboard dropdown not triggering any data?

cpsec
Loves-to-Learn Lots
‎06-21-2023 12:05 PM

Hello,

I'm new to Splunk and currently working on a firewall dashboard. I'm encountering issues with the coding, specifically regarding a dropdown firewall panel. My goal is to create a dropdown menu that lists 33 different firewalls, and when a firewall is selected, other panels should display the corresponding data. However, I'm facing a problem where selecting a firewall doesn't trigger any data to appear. I'm wondering if there's something missing or if I made a mistake in my implementation. Additionally, I have 333 host types, and I'm unsure of the best way to condense them into a single field.

Below, you'll find the code for my firewall dropdown menu and a total result panel. Any assistance would be greatly appreciated.

Thank you kindly.

<panel>
<input type="dropdown" token="firewall_token" searchWhenChanged="true">
<label>Search by Firewall:</label>
<choice value="All">All Firewalls</choice>
<choice value="ais-fw-a">Firewall 1</choice>
<choice value="ais-fw-b">Firewall 2</choice>
<!-- Add more choices for different firewalls -->
</input>
</panel>

<panel>
<title>Total Results</title>
<chart>
<search>
<query>
index=firewalls earliest="$time_earliest$" latest="$time_latest$"
| stats count by source
</query>
</search>
<option name="charting.chart">bar</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">all</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisMiddle</option>
</chart>
</panel>

Labels (3)
Labels
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-21-2023 01:40 PM

Have you run the Total Result query in a search window to verify it returns results?  If the source field is null then stats will return nothing.  Also, verify the time_earliest and time_latest tokens exist.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

cpsec
Loves-to-Learn Lots
‎06-22-2023 07:04 AM

Indeed, I have confirmed that all the fields are functioning correctly and returning data when searched. However, I'm encountering difficulties with the functionality that allows me to switch between different firewalls and display the corresponding data for the selected firewall. Despite my efforts, this aspect of the dashboard is not functioning as expected.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-22-2023 01:25 PM

Please tell us more about these difficulties you're having.  What exactly are you doing, what do you expect to happen and what actually happens?  Is "Search on Change" enabled?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...