我在仪表板中有 3 个面板 - 面积图(从服务器日志中填充数据)、条形图(从访问日志中填充数据)和一个面板,当我们单击图表中的数据点时,它会显示搜索结果。当我单击面积图中的数据点时,搜索工作正常并更新名为 DataPanel 的面板。但是,当我单击条形图上的数据点时,它会弄乱所有数据并多次显示相同的数据。下面是我目前正在使用的 xml。
请提供任何建议来修复搜索。
<form theme="light">
<label Dash</label>
<fieldset submitButton="false" autoRun="false">
<input type="time" token="tkn_search" searchWhenChanged="true">
<label>Select Time Range</label>
<default>
<earliest>-12h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="tkn_dom">
<label>Domain</label>
<fieldForLabel>index</fieldForLabel>
<fieldForValue>index</fieldForValue>
<search>
<query>|eventcount summarize=false index="*_dom" | dedup index | fields index</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
</input>
<input type="dropdown" token="tkn_sourcetype" searchWhenChanged="true">
<label>Log Source Type</label>
<search>
<query>|metadata type=sourcetypes index=$tkn_dom$ | fields sourcetype</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<fieldForLabel>sourcetype</fieldForLabel>
<fieldForValue>sourcetype</fieldForValue>
<default>access_log</default>
<initialValue>access_log</initialValue>
</input>
<input type="dropdown" token="tkn_host" searchWhenChanged="true">
<label>Host</label>
<fieldForLabel>host</fieldForLabel>
<fieldForValue>host</fieldForValue>
<search>
<query>| metadata type=hosts index=$tkn_dom$ | fields host</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
</input>
<input type="text" token="tkn_search_txt" searchWhenChanged="true">
<label>Search Text</label>
<default>ERROR</default>
</input>
</fieldset>
<row>
<panel id="DataChartPanel">
<title>Logs TIme Series</title>
<chart>
<search>
<query>index=$tkn_dom$ host=$tkn_host$ sourcetype=$tkn_sourcetype$ ($tkn_search_txt$) | timechart count</query>
<earliest>$tkn_search.earliest$</earliest>
<latest>$tkn_search.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.text">Time</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Number of Errors</option>
<option name="charting.chart">area</option>
<option name="charting.drilldown">all</option>
<option name="refresh.display">progressbar</option>
<option name="charting.backgroundColor">#FFFFFF</option>
<option name="charting.fontColor">#000000</option>
<option name="charting.fieldColors">{"ERROR" : 0xF70B0B}</option>
<drilldown>
<eval token="drilldown.earliest">$earliest$</eval>
<eval token="drilldown.latest">$latest$</eval>
</drilldown>
</chart>
</panel>
<panel id="DataChartPanel1">
<title>Access Logs</title>
<chart>
<search>
<query>index=$tkn_dom$ host=$tkn_host$ sourcetype=access | chart count by StatusCode</query>
<earliest>$tkn_search.earliest$</earliest>
<latest>$tkn_search.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.chart">bar</option>
<option name="charting.drilldown">all</option>
<option name="charting.legend.placement">right</option>
<option name="height">175</option>
<option name="refresh.display">progressbar</option>
<drilldown>
<set token="tkn_sourcetype">access</set>
<eval token="drilldown.earliest">$earliest$</eval>
<eval token="drilldown.latest">$latest$</eval>
<eval token="tkn_search_txt">$click.value$</eval>
</drilldown>
</chart>
</panel>
</row>
<row>
<panel id="DataPanel">
<event>
<title>Errors</title>
<search>
<query>index=$tkn_dom$ host=$tkn_host$ sourcetype=$tkn_sourcetype$ ($tkn_search_txt$)</query>
<earliest>$drilldown.earliest$</earliest>
<latest>$drilldown.latest$</latest>
</search>
<option name="list.drilldown">none</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">1</option>
</event>
</panel>
</row>
</form>