<input type="dropdown" token="srcIP">
  <label>IP source</label>
  <fieldForLabel>res</fieldForLabel>
  <fieldForValue>src_ip</fieldForValue>
  <search>
    <query>
      | eval res=src_ip . " (" . hostname_src . ")"
      | table res, src_ip
    </query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <choice value="none">Aucune</choice>
  <default>none</default>
  <change>
    <condition label="Aucune">
      <unset token="show_panel_1"></unset>
      <set token="title_label_src"></set>
      <set token="src_by_clause"></set>
      <set token="src_set">false</set>
      <set token="src_ip_search"></set>
    </condition>
    <condition match="'dest_set' == &quot;true&quot;">
      <set token="src_by_clause"></set>
      <set token="dest_by_clause"></set>
      <set token="show_panel_1">true</set>
      <set token="title_label_src">depuis $label$</set>
      <set token="src_set">true</set>
      <set token="src_ip_search">src_ip=$value$</set>
    </condition>
    <condition>
      <set token="show_panel_1">true</set>
      <set token="title_label_src">depuis $label$</set>
      <set token="src_by_clause">by dest</set>
      <set token="src_set">true</set>
      <set token="src_ip_search">src_ip=$value$</set>
    </condition>
  </change>
</input>
<input type="dropdown" token="destIP">
  <label>IP destination</label>
  <fieldForLabel>res</fieldForLabel>
  <fieldForValue>dest_ip</fieldForValue>
  <search>
    <query>
      | eval res=dest_ip . "(" . hostname_dest . ")"
      | table res, dest_ip
    </query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <choice value="none">Aucune</choice>
  <default>none</default>
  <change>
    <condition label="Aucune">
      <unset token="show_panel_2"></unset>
      <set token="title_label_dest"></set>
      <set token="dest_by_clause"></set>
      <set token="dest_set">false</set>
      <set token="dest_ip_search"></set>
    </condition>
    <condition match="'src_set' == &quot;true&quot;">
      <set token="src_by_clause"></set>
      <set token="dest_by_clause"></set>
      <set token="show_panel_2">true</set>
      <set token="title_label_dest">vers $label$</set>
      <set token="dest_set">true</set>
      <set token="dest_ip_search">dest_ip=$value$</set>
    </condition>
    <condition>
      <set token="show_panel_2">true</set>
      <set token="title_label_dest">vers $label$</set>
      <set token="dest_by_clause">by src</set>
      <set token="dest_set">true</set>
      <set token="dest_ip_search">dest_ip=$value$</set>
    </condition>
  </change>
</input>
The search using these tokens:
<query>
  $src_ip_search$ $dest_ip_search$
  | stats sparkline count $src_by_clause$ $dest_by_clause$
</query>
This input is populated by a search that returns the available source IPs. The second input is the same, except it is for the destination IP.
The first condition handles the default case, which is none. At first I just had the last condition, which handles the other cases. But I needed to add the second condition to set the by clause of a stats command in a search. I want that, if the first input has a choice other than the default, it sets a token to "by dest" (for the search), reciprocally "by src" for the second input, and no by clause if the two inputs are both different from the default. So I added the second condition to reset the token to empty if the other input has a choice different from the default.
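An added example, not part of the original post: a small Python model of the two change handlers above, assuming that only the first matching condition is applied and that both dropdowns start on "Aucune". It renders the search that results from different selection orders, including returning one input to the default after both were set; the IPs and host labels are constructed.

```python
# Added example: models the <change> handlers from the post; not Splunk code.
# Assumption: only the first matching <condition> of a <change> block is applied.

def select(tokens, side, value, label):
    """Return the token dict after the 'src' or 'dest' dropdown changes."""
    other = "dest" if side == "src" else "src"
    panel = "show_panel_1" if side == "src" else "show_panel_2"
    word = "depuis" if side == "src" else "vers"
    t = dict(tokens)
    if label == "Aucune":  # <condition label="Aucune">
        t.pop(panel, None)
        t.update({f"title_label_{side}": "", f"{side}_by_clause": "",
                  f"{side}_set": "false", f"{side}_ip_search": ""})
        return t
    # Tokens set identically by the second and third conditions.
    t.update({panel: "true", f"title_label_{side}": f"{word} {label}",
              f"{side}_set": "true", f"{side}_ip_search": f"{side}_ip={value}"})
    if tokens.get(f"{other}_set") == "true":  # <condition match="'..._set' == "true"">
        t["src_by_clause"] = ""
        t["dest_by_clause"] = ""
    else:  # final catch-all <condition>
        t[f"{side}_by_clause"] = f"by {other}"
    return t

def initial():
    """Assumed start state: both dropdowns have fired on the default choice."""
    return select(select({}, "src", "none", "Aucune"), "dest", "none", "Aucune")

def render_query(t):
    """Substitute tokens into the posted search (whitespace collapsed)."""
    parts = [t["src_ip_search"], t["dest_ip_search"], "| stats sparkline count",
             t["src_by_clause"], t["dest_by_clause"]]
    return " ".join(p for p in parts if p)

# Constructed sample choices (documentation address ranges).
SRC = ("192.0.2.10", "192.0.2.10 (host-a)")
DST = ("198.51.100.7", "198.51.100.7 (host-b)")

def scenarios():
    only_dst = select(initial(), "dest", *DST)
    both = select(select(initial(), "src", *SRC), "dest", *DST)
    dst_after_reset = select(both, "src", "none", "Aucune")
    return {name: render_query(t) for name, t in
            [("only_dst", only_dst), ("both", both),
             ("dst_after_reset", dst_after_reset)]}

if __name__ == "__main__":
    for name, query in scenarios().items():
        print(f"{name}: {query}")
```

In this model, setting both inputs and then returning the source to "Aucune" leaves the destination filter without a by clause, while selecting only the destination from the start yields "by src".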