I did build a Dashboard with a base search and five panels, all based on the base search. Somehow, two of five panels are not working.
Can anybody tell me why?
Base Part - this is working with 3 of 5 Panels:
<label>3rdsearch</label>
<search id="basis">
<query>index=mail-security
| transaction keepevicted=true icid mid
| search policy_direction="inbound"
| eval msec_default_threat_reason =coalesce(case(spam_verdict="positive","Spam Detected",av_verdict="positive","Virus Detected",content_filter="content filter","Stopped by Content Filter",invalid_recipient="rejected by SMTP Call-Ahead","Stopped as Invalid Recipients",msec_default_reputationfilter="REJECT SG BLACKLIST","Stopped by Reputation Filtering", vof_verdict="positive","outbreak"),"Clean Messages")</query>
</search>
<fieldset autoRun="false" submitButton="true">
<input type="time" searchWhenChanged="false" token="zeit">
<default>
<earliest>-15m</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
One of the Panels which is not working:
<row>
<panel>
<title>Top Domain by Total Threat Messages</title>
<chart>
<search base="basis">
<query>| search NOT msec_default_threat_reason="outbreak" NOT msec_default_threat_reason="Clean Messages"
| rex field=recipient "@(?<msec_default_recipient_domain>.+\.\w+)$"
| rex field=sender "@(?<msec_default_sender_domain>.+\.\w+)$"
| top limit=10 msec_default_sender_domain countfield=Messages</query>
</search>
<option name="charting.legend.placement">none</option><option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.layout.splitSeries">0</option><option name="charting.drilldown">all</option>
<option name="charting.chart.style">shiny</option><option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option><option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.bubbleSizeBy">area</option><option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleMaximumSize">50</option><option name="charting.chart">bar</option>
<option name="charting.axisY2.scale">inherit</option><option name="charting.axisY2.enabled">false</option>
<option name="charting.axisY.scale">linear</option><option name="charting.axisX.scale">linear</option>
<option name="charting.axisTitleY2.visibility">visible</option><option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleX.visibility">collapsed</option><option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option><option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
</chart>
</panel>
</row>
... View more
