Reply

Reporting Volume Usage Trend per Category Report

Adviser
Posts: 267
2308     0
<form>
  <label>Reporting Volume Usage Trend per Category</label>
  <description>System-created dashboard: Please clone before editing.</description>
  <fieldset submitButton="true" autoRun="true">
    <input type="time" token="time">
      <label>Time</label>
      <default>
        <earliest>-1d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="link" token="view" searchWhenChanged="true">
      <label>View</label>
      <choice value="line_chart">Line Chart</choice>
      <choice value="stacked_area">Stacked Area</choice>
      <choice value="both">Both</choice>
      <default>line_chart</default>
      <change>
        <condition value="stacked_area">
          <set token="show_stacked_area">true</set>
          <unset token="show_line_chart"></unset>
        </condition>
        <condition value="line_chart">
          <set token="show_line_chart">true</set>
          <unset token="show_stacked_area"></unset>
        </condition>
        <condition value="both">
          <set token="show_line_chart">true</set>
          <set token="show_stacked_area">true</set>
        </condition>
      </change>
    </input>
  </fieldset>
  <search id="base_search">
    <query>source=* index=_internal (group=per_source_thruput OR group=per_sourcetype_thruput) series=ib:* series!="ib:dns:reserved" series!="ib:reserved1"
      | bucket span=1m _time
      | eval CATEGORY=case(
      ((series="ib:dns:query:top_requested_domain_names"
        OR series="ib:dns:query:cache_hit_rate"
        OR series="ib:dns:query:by_member"
        OR series="ib:dns:query:qps"
        OR series="ib:dns:query:top_clients"
        OR series="ib:dns:stats")
      AND group="per_sourcetype_thruput")
        OR ((series="ib:dns:query:top_clients_per_zone"
        OR series="ib:dns:query:top_clients_per_domain"
        OR series="ib:dns:query:top_nxdomain_query"
        OR series="ib:dns:query:top_failed"
        OR series="ib:dns:query:top_received"
        OR series="ib:dns:query:top_timeout"
        OR series="ib:dns:query:ip_block_group")
      AND group="per_source_thruput"), "DNS Query", series="ib:dns:perf"
      AND group="per_sourcetype_thruput", "DNS Performance", series="ib:ddns"
      AND group="per_sourcetype_thruput", "DDNS", series="ib:dhcp:lease_history"
      AND group="per_sourcetype_thruput", "DHCP Lease History/Fingerprint", (series="ib:dhcp:message" OR series="ib:dhcp:network" OR series="ib:dhcp:range")
      AND group="per_sourcetype_thruput", "DHCP Performance", series="ib:system" AND group="per_sourcetype_thruput", "System Utilization", (series="ib:ipam:network" OR series="ib:dns:view" OR series="ib:dns:zone")
      AND group="per_sourcetype_thruput", "DDI Utilization", (series="ib:dns:query:top_rpz_hit" OR series="ib:dns:fireeye" OR series="ib:ddos:events")
      AND group="per_source_thruput", "Security")
      | where isnotnull(CATEGORY)
      | stats sum(kb) as kb by _time, CATEGORY
      | timechart avg(kb) by CATEGORY
      | interpolate 3600</query>
    <earliest>$time.earliest$</earliest>
    <latest>$time.latest$</latest>
  </search>
  <row>
    <panel isVisible="$show_line_chart$">
      <chart depends="$show_line_chart$">
        <search base="base_search">
          <query>| noop</query>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.axisTitleX.text">Time</option>
        <option name="charting.axisTitleY.text">Volume (MB)</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel isVisible="$show_stacked_area$">
      <chart depends="$show_stacked_area$">
        <search base="base_search">
          <query>| noop</query>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">area</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">stacked</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.axisTitleX.text">Time</option>
        <option name="charting.axisTitleY.text">Volume (MB)</option>
      </chart>
    </panel>
  </row>
</form>
If you appreciate my efforts, please give me a kudo ↓ or Accept as solution to help others find it faster.
Showing results for 
Search instead for 
Do you mean 

Recommended for You