Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is Firewall Dashboard dropdown not triggering any data?

cpsec
Loves-to-Learn Lots
‎06-21-2023 12:05 PM

Hello,

I'm new to Splunk and currently working on a firewall dashboard. I'm encountering issues with the coding, specifically regarding a dropdown firewall panel. My goal is to create a dropdown menu that lists 33 different firewalls, and when a firewall is selected, other panels should display the corresponding data. However, I'm facing a problem where selecting a firewall doesn't trigger any data to appear. I'm wondering if there's something missing or if I made a mistake in my implementation. Additionally, I have 333 host types, and I'm unsure of the best way to condense them into a single field.

Below, you'll find the code for my firewall dropdown menu and a total result panel. Any assistance would be greatly appreciated.

Thank you kindly.

<panel>
<input type="dropdown" token="firewall_token" searchWhenChanged="true">
<label>Search by Firewall:</label>
<choice value="All">All Firewalls</choice>
<choice value="ais-fw-a">Firewall 1</choice>
<choice value="ais-fw-b">Firewall 2</choice>
<!-- Add more choices for different firewalls -->
</input>
</panel>

<panel>
<title>Total Results</title>
<chart>
<search>
<query>
index=firewalls earliest="$time_earliest$" latest="$time_latest$"
| stats count by source
</query>
</search>
<option name="charting.chart">bar</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.drilldown">all</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisMiddle</option>
</chart>
</panel>

Labels (3)
Labels
Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-21-2023 01:40 PM

Have you run the Total Result query in a search window to verify it returns results?  If the source field is null then stats will return nothing.  Also, verify the time_earliest and time_latest tokens exist.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

cpsec
Loves-to-Learn Lots
‎06-22-2023 07:04 AM

Indeed, I have confirmed that all the fields are functioning correctly and returning data when searched. However, I'm encountering difficulties with the functionality that allows me to switch between different firewalls and display the corresponding data for the selected firewall. Despite my efforts, this aspect of the dashboard is not functioning as expected.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-22-2023 01:25 PM

Please tell us more about these difficulties you're having.  What exactly are you doing, what do you expect to happen and what actually happens?  Is "Search on Change" enabled?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...