Hello, I am new to the forum, please forgive me for that if I make a mistake. I made the following code and I want the drilldown to show me a table each time you select a field from the pie charts.
I tried this example but did not work.
CODE
<module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="True">
<param name="search">`networkindex` type=ips | top limit=10 attack_name</param>
<module name="HiddenChartFormatter">
<param name="charting.chart">pie</param>
<module name="JobProgressIndicator"/>
<!-- here's the FlashChart that we'll click on -->
<module name="FlashChart">
<param name="width">100%</param>
<param name="height">180px</param>
<param name="enableResize">False</param>
<!-- we swap out the search to be a timechart. -->
<module name="HiddenSearch">
<param name="search">`networkindex` type=ips | fields _time attack_name src_ip dest_ip src_port dest_port dest_app | fields - _raw </param>
<!-- this module will grab the value we clicked on and put it in as a searchterm, series="someSourcetype". -->
<module name="ConvertToIntention" layoutPanel="panel_row4_col1">
<param name="intention">
<param name="name">addterm</param>
<param name="arg">
<param name="attack_name">$click.value$</param>
</param>
<!-- tells the addterm intention to put our term in the first search clause no matter what. -->
<param name="flags"><list>indexed</list></param>
</param>
<!-- finally, we render the search in another FlashChart, and we throw in a JobProgressIndicator for good measure. -->
<module name="JobProgressIndicator"></module>
<module name="Pager">
<param name="count">10</param>
<module name="SimpleResultsTable">
<param name="drilldown">row</param>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
<module name="HiddenSearch" layoutPanel="panel_row1_col2" group="Top 10 Users" autoRun="True">
<param name="search">`networkindex` type=ips user!=n/a | top limit=10 user | fields user, count</param>
<param name="groupLabel">Top 10 Users</param>
<module name="ViewstateAdapter">
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.chart">bar</param>
<module name="FlashChart">
<param name="width">100%</param>
<param name="enableResize">true</param>
<module name="HiddenSearch">
<param name="search">`networkindex` type=ips user!=n/a | fields _time user src_ip dest_ip src_port dest_port dest_app | fields - _raw </param>
<!-- this module will grab the value we clicked on and put it in as a searchterm, series="someSourcetype". -->
<module name="ConvertToIntention" layoutPanel="panel_row4_col1">
<param name="intention">
<param name="name">addterm</param>
<param name="arg">
<param name="user">$click.value$</param>
</param>
<!-- tells the addterm intention to put our term in the first search clause no matter what. -->
<param name="flags"><list>indexed</list></param>
</param>
<!-- finally, we render the search in another FlashChart, and we throw in a JobProgressIndicator for good measure. -->
<module name="JobProgressIndicator"></module>
<module name="Pager">
<param name="count">10</param>
<module name="SimpleResultsTable">
<param name="drilldown">row</param>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
<module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Service" autoRun="True">
<param name="search">`networkindex` type=ips | table dest_app | chart count(dest_app) over dest_app </param>
<param name="groupLabel">Service</param>
<module name="ViewstateAdapter">
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.chart">pie</param>
<module name="FlashChart">
<param name="width">100%</param>
<param name="enableResize">true</param>
<module name="HiddenSearch">
<param name="search">`networkindex` type=ips | fields _time dest_app src_ip dest_ip src_port dest_port | fields - _raw </param>
<!-- this module will grab the value we clicked on and put it in as a searchterm, series="someSourcetype". -->
<module name="ConvertToIntention" layoutPanel="panel_row4_col1">
<param name="intention">
<param name="name">addterm</param>
<param name="arg">
<param name="dest_app">$click.value$</param>
</param>
<!-- tells the addterm intention to put our term in the first search clause no matter what. -->
<param name="flags"><list>indexed</list></param>
</param>
<!-- finally, we render the search in another FlashChart, and we throw in a JobProgressIndicator for good measure. -->
<module name="JobProgressIndicator"></module>
<module name="Pager">
<param name="count">10</param>
<module name="SimpleResultsTable">
<param name="drilldown">row</param>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
</module>
<module name="Tabs" layoutPanel="panel_row3_col2" autoRun="True">
<param name="name">selectedTab</param>
<param name="staticTabs">
<list>
<param name="label">Attacks</param>
<param name="value">attack_name</param>
</list>
<list>
<param name="label">Service</param>
<param name="value">dest_app</param>
</list>
<list>
<param name="label">Source IP</param>
<param name="value">src_ip</param>
</list>
<list>
<param name="label">Destination IP</param>
<param name="value">dest_ip</param>
</list>
<list>
<param name="label">User</param>
<param name="value">user</param>
</list>
</param>
<module name="Search">
<param name="search">`networkindex` type=ips | stats sparkline count by $selectedTab$ | sort -count</param>
<module name="Pager">
<param name="count">10</param>
<module name="SimpleResultsTable">
<param name="drilldown">row</param>
</module>
</module>
</module>