I have a few searches / dashboards which give me basically what I want, mostly things like "top 5 alerts" reports from a network activity log. They work great in the Search view, showing the alert types, number/count of hits, and percentage in a table.
But, when I graph that on the dashboard, it doesn't behave as I would expect. The bar chart shows the alert types as bars. I expected the legend to show the severity types/values (High/Med/Low), but instead it shows "count".
When I click on the bar for "High", the drilldown I expected was "alert=high", instead it's "count=813" -- and there is no "count" field in my logs, so that fails.
I'm sure this is a common scenario for others, can anyone point me to an example search/dash that works as expected?
... View more