In this example scenario, you create two parameters and add them to the Top 10 Log Sources widget in the Events and flow metrics dashboard.
Procedure
- Click .
- Click Add and create two parameters: one called Time Period with a value of HOURS, and one called Time Value with a value of 2. Click Save after you create each parameter. The parameters are available for all widgets in your workspace.
- Click Back to Dashboard.
- On the Top 10 Log Sources widget card, click the Edit Item icon. In the AQL Statement field, the query looks like the following example.

      SELECT logsourcename(logsourceid) as 'MY Log Sources',
      LONG(SUM("SUM_eventcount")/(2*60*60)) event_rate
      FROM GLOBALVIEW('Top Log Sources','NORMAL')
      WHERE logSourceId not in (62,63,64,65,66,67,68,69)
      GROUP BY logsourceid
      ORDER BY event_rate DESC
      LIMIT 10
      LAST 2 HOURS

- To modify the query in the AQL Statement field, take the following steps:
  - Replace HOURS by clicking the Insert Parameter icon, and then click Insert for the Time Period parameter.
  - Replace 2 with Time Value, and then click Run Query. The updated query looks like the following example:

        SELECT logsourcename(logsourceid) as 'MY Log Sources',
        LONG(SUM("SUM_eventcount")/(2*60*60)) event_rate
        FROM GLOBALVIEW('Top Log Sources','NORMAL')
        WHERE logSourceId not in (62,63,64,65,66,67,68,69)
        GROUP BY logsourceid
        ORDER BY event_rate DESC
        LIMIT 10
        LAST {Time Value} {Time Period}

- After the query runs successfully, click Save.
Results
The new parameters are added to the Parameters card, and are prefaced by an asterisk (*) to indicate that they are default values for the workspace. Only parameters that are used by the widgets in this dashboard appear in the Parameters card. The time selector parameter is not read-only.
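
The parameterized query from the procedure, worked through in Python as an added example (not IBM's code). It assumes the two placeholders are filled by plain text substitution, allowlists the values before filling them, and checks whether the hard-coded `(2*60*60)` divisor in `event_rate` still matches the selected window. The function names and the MINUTES/HOURS/DAYS allowlist are choices made for this example.

```python
import re

# Parameterized query copied from the procedure above.
TEMPLATE = """SELECT logsourcename(logsourceid) as 'MY Log Sources',
LONG(SUM("SUM_eventcount")/(2*60*60)) event_rate
FROM GLOBALVIEW('Top Log Sources','NORMAL')
WHERE logSourceId not in (62,63,64,65,66,67,68,69)
GROUP BY logsourceid
ORDER BY event_rate DESC
LIMIT 10
LAST {Time Value} {Time Period}"""

# Allowlist of units accepted after LAST, with their length in seconds.
UNIT_SECONDS = {"MINUTES": 60, "HOURS": 3600, "DAYS": 86400}

def validate(params):
    """Return (value, unit); raise ValueError on anything off the allowlist."""
    value = str(params["Time Value"]).strip()
    unit = str(params["Time Period"]).strip().upper()
    if not re.fullmatch(r"[1-9][0-9]{0,3}", value):
        raise ValueError(f"Time Value must be a positive integer: {value!r}")
    if unit not in UNIT_SECONDS:
        raise ValueError(f"Time Period not allowed: {unit!r}")
    return int(value), unit

def render(template, params):
    """Fill each {Name} placeholder with its validated value."""
    value, unit = validate(params)
    clean = {"Time Value": str(value), "Time Period": unit}
    return re.sub(r"\{([^{}]+)\}", lambda m: clean[m.group(1)], template)

def divisor_matches_window(template, params):
    """True if the hard-coded event_rate divisor equals the window in seconds."""
    value, unit = validate(params)
    factors = re.search(r"/\((\d+(?:\*\d+)*)\)", template).group(1).split("*")
    divisor = 1
    for f in factors:
        divisor *= int(f)
    return divisor == value * UNIT_SECONDS[unit]

if __name__ == "__main__":
    # Constructed sample parameter sets: the defaults, then a changed window.
    for p in ({"Time Period": "HOURS", "Time Value": 2},
              {"Time Period": "HOURS", "Time Value": 6}):
        print(render(TEMPLATE, p).splitlines()[-1],
              "divisor matches:", divisor_matches_window(TEMPLATE, p))
```

With the default values the divisor and the window agree; once the window differs from two hours, `event_rate` is still divided by 7200 seconds, so the displayed rate no longer reflects events per second over the selected period.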