Hello, and thank you for your help! Here is what my dashboard looks like now:

<event>
  <search>
    <query>$case_token$ sourcetype=hayabusa $host_token$ $level_token$ $rule_token$
| fields Timestamp, host, Computer, Level, Channel, RecordID, EventID, Ruletitle, Details</query>
  </search>
  <fields>Timestamp, host, Computer, Level, Channel, RecordID, EventID, RuleTitle, Details, _time</fields>
  <option name="count">50</option>
  <option name="list.drilldown">none</option>
  <option name="list.wrap">1</option>
  <option name="raw.drilldown">none</option>
  <option name="refresh.display">progressbar</option>
  <option name="table.drilldown">all</option>
  <option name="table.sortDirect">asc</option>
  <option name="table.wrap">1</option>
  <option name="type">table</option>
  <drilldown>
    <condition field="Channel">
      <set token="channel_token">$click.value$</set>
    </condition>
  </drilldown>
</event>

Here is what the corresponding search looks like:

index=test-index sourcetype=hayabusa host=* Level=* RuleType=*
| fields Timestamp, host, Computer, Level, Channel, RecordID, EventID, Ruletitle, Details