Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is Firewall Dashboard dropdown not triggering any data?

cpsec
Loves-to-Learn Lots
‎06-21-2023 12:05 PM

Hello,

I'm new to Splunk and currently working on a firewall dashboard. I'm encountering issues with the coding, specifically regarding a dropdown firewall panel. My goal is to create a dropdown menu that lists 33 different firewalls, and when a firewall is selected, other panels should display the corresponding data. However, I'm facing a problem where selecting a firewall doesn't trigger any data to appear. I'm wondering if there's something missing or if I made a mistake in my implementation. Additionally, I have 333 host types, and I'm unsure of the best way to condense them into a single field.

Below, you'll find the code for my firewall dropdown menu and a total result panel. Any assistance would be greatly appreciated.

Thank you kindly.

<panel>
<input type="dropdown" token="firewall_token" searchWhenChanged="true">
<label>Search by Firewall:</label>
<choice value="All">All Firewalls</choice>
<choice value="ais-fw-a">Firewall 1</choice>
<choice value="ais-fw-b">Firewall 2</choice>
<!-- Add more choices for different firewalls -->
</input>
</panel>

<panel>
<title>Total Results</title>
<chart>
<search>
<query>
index=firewalls earliest="$time_earliest$" latest="$time_latest$"
| stats count by source
</query>
</search>
<option name="charting.chart">bar</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">all</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisMiddle</option>
</chart>
</panel>

Labels (3)
Labels
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-21-2023 01:40 PM

Have you run the Total Result query in a search window to verify it returns results?  If the source field is null then stats will return nothing.  Also, verify the time_earliest and time_latest tokens exist.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

cpsec
Loves-to-Learn Lots
‎06-22-2023 07:04 AM

Indeed, I have confirmed that all the fields are functioning correctly and returning data when searched. However, I'm encountering difficulties with the functionality that allows me to switch between different firewalls and display the corresponding data for the selected firewall. Despite my efforts, this aspect of the dashboard is not functioning as expected.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-22-2023 01:25 PM

Please tell us more about these difficulties you're having.  What exactly are you doing, what do you expect to happen and what actually happens?  Is "Search on Change" enabled?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...