Reply

Traffic Rate by Member Report

Adviser
Posts: 267
1211     1
<form>
  <label>Traffic Rate by Member</label>
  <description>System-created dashboard: Please clone before editing.</description>
  <fieldset submitButton="true" autoRun="true">
    <input type="time" token="time">
      <label>Time</label>
      <default>
        <earliest>-1d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="topn">
      <label>Top N</label>
      <choice value="5">5</choice>
      <choice value="10">10</choice>
      <choice value="20">20</choice>
      <choice value="50">50</choice>
      <choice value="100">100</choice>
      <choice value="200">200</choice>
      <choice value="250">250</choice>
      <choice value="500">500</choice>
      <default>5</default>
      <prefix>top</prefix>
    </input>
    <input type="multiselect" token="members">
      <label>Members</label>
      <choice value="*">All</choice>
      <search>
        <query>index=ib_system_summary report=si_traffic_rate 
               | stats count by orig_host</query>
        <earliest>$time.earliest$</earliest>
        <latest>$time.latest$</latest>
      </search>
      <fieldForLabel>orig_host</fieldForLabel>
      <fieldForValue>orig_host</fieldForValue>
      <default>*</default>
      <prefix>(</prefix>
      <suffix>)</suffix>
      <valuePrefix>orig_host="</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter> OR </delimiter>
    </input>
    <input type="dropdown" token="ea_site">
      <label>Member Site</label>
      <choice value="All">All</choice>
      <default>All</default>
      <search>
        <query>| inputlookup __grouping_by_ea_tag_lookup
               | spath input=EA path=Site output=EA_Site
               | stats count by EA_Site </query>
        <earliest>$time.earliest$</earliest>
        <latest>$time.latest$</latest>
      </search>
      <fieldForLabel>EA_Site</fieldForLabel>
      <fieldForValue>EA_Site</fieldForValue>
      <change>
        <condition value="All">
          <set token="ea_site_str"> | noop </set>
        </condition>
        <condition value="*">
          <set token="ea_site_str"> | spath input=EA path=Site output=EA_Site
                                    | where EA_Site="$value$"</set>
        </condition>
      </change>
    </input>
    <input type="radio" token="group_by">
      <label>Group By EA Tag/Field</label>
      <choice value="none">None</choice>
      <choice value="EA_Site">Site</choice>
      <default>none</default>
      <change>
        <condition value="none">
          <set token="group_by_str"> | noop </set>
          <set token="time_chart_field">MEMBER</set>
          <set token="group_by_stats"> | noop </set>
          <unset token="show_calculation" />
          <set token="calculation_method">avg</set>
          <unset token="form.calculation_method"></unset>
        </condition>
        <condition value="EA_Site">
          <set token="group_by_str">| spath input=EA path=Site output=EA_Site
                                    | eval EA_Site = if(isnull(EA_Site),"(No_Value)",EA_Site)
                                    | eval EA_Site=if(like(MEMBER,"%inbound%"),EA_Site+": inbound",EA_Site+": outbound")</set>
          <set token="time_chart_field">EA_Site</set>
          <set token="group_by_stats">  | stats avg(TRAF_VALUE) as TRAF_VALUE by _time, orig_host, EA_Site </set>
          <set token="show_calculation">true</set>
        </condition>
      </change>
    </input>
    <input type="radio" token="calculation_method" depends="$show_calculation$">
      <label>Calculation method</label>
      <choice value="sum">Aggregate</choice>
      <choice value="avg">Average</choice>
      <choice value="max">Maximum</choice>
      <default>avg</default>
    </input>
    <input type="link" token="view" searchWhenChanged="true">
      <label>View</label>
      <choice value="chart">Line Chart</choice>
      <choice value="table">Table</choice>
      <choice value="both">Both</choice>
      <default>chart</default>
      <change>
        <condition value="table">
          <set token="show_table">true</set>
          <unset token="show_chart"></unset>
        </condition>
        <condition value="chart">
          <set token="show_chart">true</set>
          <unset token="show_table"></unset>
        </condition>
        <condition value="both">
          <set token="show_chart">true</set>
          <set token="show_table">true</set>
        </condition>
      </change>
    </input>
  </fieldset>
  <search id="base_search">
    <query>index=ib_system_summary report=si_traffic_rate
               $members$
               $ea_site_str$
               $group_by_str$
               $group_by_stats$
               | timechart bins=1000
               $calculation_method$(TRAF_VALUE) by $time_chart_field$
                where max in $topn$ useother=f
               | interpolate 1200</query>
    <earliest>$time.earliest$</earliest>
    <latest>$time.latest$</latest>
  </search>
  <row>
    <panel isVisible="$show_chart$">
      <chart depends="$show_chart$">
        <search base="base_search">
          <query>| rename _time as Time
                 | eval Time=strftime(Time, "%Y-%m-%d %H:%M:%S %Z")</query>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="charting.axisTitleX.text">Time</option>
        <option name="charting.axisTitleY.text">Traffic Rate, Bytes/sec</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel isVisible="$show_table$">
      <table depends="$show_table$">
        <search base="base_search">
          <query>| sort -_time
                 | rename _time as Time
                 | eval Time=strftime(Time, "%Y-%m-%d %H:%M:%S %Z")</query>
          <earliest>$time.earliest$</earliest>
          <latest>$time.latest$</latest>
        </search>
        <option name="wrap">false</option>
        <option name="rowNumbers">true</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>
If you appreciate my efforts, please give me a kudo ↓ or Accept as solution to help others find it faster.
Showing results for 
Search instead for 
Do you mean 

Recommended for You