Hi All,
I hope someone could help, search is waiting for inputs when I try to first load the dashboard and even search doesn't work.
<form hideAppBar="false" hideEdit="false" hideFooter="true" hideSplunkBar="false" hideTitle="false">
<label>Activity by ID or IP ADDRESS</label>
<fieldset submitButton="true" autoRun="false">
<input type="text" token="id" searchWhenChanged="false">
<label>ID</label>
<default></default>
</input>
<input type="text" token="ip_address" searchWhenChanged="true">
<label>IP Address</label>
</input>
<input type="dropdown" token="timespan" searchWhenChanged="true">
<label>Previous Days</label>
<choice value="7">7</choice>
<choice value="14">14</choice>
<choice value="30">30</choice>
<choice value="60">60</choice>
<choice value="90">90</choice>
<choice value="120">120</choice>
<choice value="180">180</choice>
<choice value="9999">All</choice>
<default>30</default>
<initialValue>30</initialValue>
</input>
</fieldset>
<search id="baseSearch">
<query>| dbxquery connection=XXX maxrows=2000 query="select \"timeLoRes\" as ACTIVITY_TIMESTAMP,
\"category\",\"applicationId\",\"userId\",\"action\",\"action2\",\"action3\",\"policyId\",\"policyVersionId\",\"deviceId\",\"deviceHardwareId\",\"deviceOsType\",\"deviceOsVersion\",\"deviceModel\",\"sessionId\",\"deviceSessionId\",\"clientIp\",\"host\",\"errorCode\",\"errorMessage\",\"failure\"
from REPORTS.REPORTS
WHERE (\"userId\" = '$id$' OR \"clientIp\" = '$ip_address$')
AND \"category\" = 'User'
AND \"applicationId\" ='sso'
AND \"timeLoRes\" > (sysdate - $timespan$)" shortnames=true</query>
</search>
<row>
<panel>
<chart>
<title>SAC Successful</title>
<search base="baseSearch">
<query>| search action = assert_start AND action2 = token_response | eval _time=strptime( ACTIVITY_TIMESTAMP, "%Y-%m-%d %H:%M:%S" ) | timechart span=1d count by action2</query>
</search>
<option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.axisTitleY.visibility">collapsed</option>
<option name="charting.chart">column</option>
<option name="charting.drilldown">all</option>
<option name="charting.legend.placement">bottom</option>
</chart>
</panel>
<panel>
<table>
<title>SAC Unsuccessful</title>
<search base="baseSearch">
<query>| search action = assertion_start AND action2 = reject | chart count by action2</query>
</search>
<option name="drilldown">cell</option>
</table>
</panel>
</row>
<row>
<panel>
<title>SAC bind successful</title>
<table>
<title>Results</title>
<search base="baseSearch">
<query>| search action = add_device_group | table ACTIVITY_TIMESTAMP,
category,applicationId,userId,action,action2,action3,policyId,policyVersionId,deviceId,deviceHardwareId,deviceOsType,deviceOsVersion,deviceModel,sessionId,deviceSessionId,clientIp,host,errorCode,errorMessage,failure</query>
</search>
<option name="count">30</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
<row>
<panel>
<title>SAC form </title>
<table>
<title>Results</title>
<search base="baseSearch">
<query>| search action = assertion_start AND action2 = form AND action3 = action | table ACTIVITY_TIMESTAMP,
category,applicationId,userId,action,action2,action3,policyId,policyVersionId,deviceId,deviceHardwareId,deviceOsType,deviceOsVersion,deviceModel,sessionId,deviceSessionId,clientIp,host,errorCode,errorMessage,failure</query>
</search>
<option name="count">30</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="rowNumbers">false</option>
<option name="wrap">true</option>
</table>
</panel>
</row>
</form>
I was not able to format the code part, apologies for pasting it as it is.
Just for the information - I have resolved the issue I had by adding <default></default> to the ip address as well. Hope this helps anyone who have similar issues.
<input type="text" token="ip_address" searchWhenChanged="true">
<label>IP Address</label>
<default></default>
</input>
Just for the information - I have resolved the issue I had by adding <default></default> to the ip address as well. Hope this helps anyone who have similar issues.
<input type="text" token="ip_address" searchWhenChanged="true">
<label>IP Address</label>
<default></default>
</input>
This is the same I had explained in my first reply. If you want to run the search on the dashboard load, you need to set default values.
Use the code sample </> to add your xml - edited for now.
On the load of the dashboard, searches are waiting for the input parameters .
What happens after you enter ID,IP Address and Previous days and then "Submit" ?
If you do not want the dashboard to wait for the inputs, you may set default values for input tokens and remove Submit button
When I enter the ID and choose the previous days and hit enter, there is no response. I tried to give IP address instead and there is response. then later I tried with ID and it gives the result once I hit the submit button.
I have tried to refresh the dashboard and gave the ID and tried again, tried opening the search it shows undefined from the dashboard. Not sure whats happening with ID field.