Reply

ADP Event Count by Rules with drilldown

[ Edited ]
Adviser
Posts: 136
2239     0

This report shows ADP Events by Rules and allows to drilldown to the report ADP Events by IP (next 2 messages) and to the Categories level.

 

Report ID: pvm_adp_rules

<form>
  <label>1_ADP Rules</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="time" searchWhenChanged="true">
      <label>Period</label>
      <default>
        <earliest>-30d@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="text" token="Category" searchWhenChanged="true">
      <default>*</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>ADP Rules</title>
      <table>
        <search>
          <query>index=ib_security source="ib:ddos:events" CATEGORY="$Category$" |stats sum(ACOUNT) as ALERTS, sum(DCOUNT) as DROPS by CATEGORY, MESSAGE, SID, SEVERITY | sort DROPS desc</query>
          <earliest>$time.earliest$</earliest>
          <latest>$time.latest$</latest>
        </search>
        <drilldown>
          <condition field="MESSAGE">
          <link target="_blank">/app/infoblox/pvm_adp_rules_hits_by_client?form.RuleID=$row.SID$&amp;form.time.earliest=$time.earliest$&amp;form.time.latest=$time.latest$&amp;form.time=$time$</link>
        	</condition>
          <condition field="CATEGORY">
          <link target="_blank">/app/infoblox/pvm_adp_categories?form.RuleID=$row.CATEGORY$&amp;form.time.earliest=$time.earliest$&amp;form.time.latest=$time.latest$&amp;form.time=$time$</link>
        	</condition>
          </drilldown>
        <option name="fields">CATEGORY,MESSAGE,SEVERITY,ALERTS,DROPS</option>
        <option name="wrap">true</option>
        <option name="rowNumbers">true</option>
        <option name="drilldown">cell</option>
        <option name="dataOverlayMode">none</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You