Hello to you both!I'm trying to do the excact same thing as anssntaco with the only difference my drilldown is a simple table.I followed the steps but nothing happens.What am i doing wrong!Thanks in advance!
<module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Service" autoRun="True">
<param name="search"> networkindex` type=ips | table dest_app | chart count(dest_app) over dest_app
Service
<module name="ViewstateAdapter">
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.chart">pie</param>
<module name="FlashChart">
<param name="width">100%</param>
<param name="enableResize">true</param>
<module name="HiddenSearch">
<param name="search">`networkindex` type=ips | fields _time dest_app src_ip dest_ip src_port dest_port | fields - _raw </param>
<!-- this module will grab the value we clicked on and put it in as a searchterm, series="someSourcetype". -->
<module name="ConvertToIntention" layoutPanel="panel_row4_col1">
<param name="intention">
<param name="name">addterm</param>
<param name="arg">
<param name="dest_app">$click.value$</param>
</param>
<!-- tells the addterm intention to put our term in the first search clause no matter what. -->
<param name="flags"><list>indexed</list></param>
</param>
<!-- finally, we render the search in another FlashChart, and we throw in a JobProgressIndicator for good measure. -->
<module name="JobProgressIndicator"></module>
<module name="Pager">
<param name="count">10</param>
<module name="SimpleResultsTable">
<param name="drilldown">row</param>
<module name="CustomBehavior">
<param name="customBehavior">sendPushesToDrilldownTable</param>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
<module name="Tabs" layoutPanel="panel_row3_col2" autoRun="True">
<param name="name">selectedTab</param>
<param name="staticTabs">
<list>
<param name="label">Attacks</param>
<param name="value">attack_name</param>
</list>
<list>
<param name="label">Service</param>
<param name="value">dest_app</param>
</list>
<list>
<param name="label">Source IP</param>
<param name="value">src_ip</param>
</list>
<list>
<param name="label">Destination IP</param>
<param name="value">dest_ip</param>
</list>
<list>
<param name="label">User</param>
<param name="value">user</param>
</list>
</param>
<module name="Search">
<param name="search">`networkindex` type=ips | stats sparkline count by $selectedTab$ | sort -count</param>
<module name="Pager">
<param name="count">10</param>
<module name="SimpleResultsTable">
<param name="drilldown">row</param>
</module>
</module>
</module>
<module name="CustomBehavior" layoutPanel="panel_row5_col1">
<param name="customBehavior">receivePushes</param>
</module>
</module>`
... View more