I'm have a dashboard with multiple panels, some of which provide hostnames and others that do not (some coming from AD and others coming from routers). I have text search boxes that tie to all the panels and populate data when it's available.
My question is, how do I omit results in a panel that looks at router logs and therefore doesn't have a hostname? Currently, if I do a search from a hostname, the panel running a search on router logs just pulls up all router logs. If someone searches for a hostname, I just want the panel that searches router logs to say 'no results found". All the table results except IP come from an Automatic Lookup populated by a Lookup file.
Below is the dashboard panel search string.
index=__sec_fw sourcetype=cisco:asa host IN ("router1", "router2") src_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 128.163.61.0/24, 128.163.59.0/25, 128.163.59.128/25)
| rename src_ip AS IP
| search IP="$ip$"
| table "IP", Location, Location_Additional, Floor, _time
... View more