
...

Both types of inputs can be used as variable elements for widgets. To do this, it is necessary to introduce specific functions both in the widget and input data sources. Remember that you need to activate the edit mode for this.

  • The widget's query must reference the required input through a script placed in the part of the query you want to substitute with the input values. This script consists of the input ID, a dot, and the word value (InputID.value), and can be accompanied by an operator depending on the function the input values fulfill inside the query.

  • The input data source must reference the required functions that will translate into options to substitute the widget query with.

About IDs

All widget and input ID values are assigned automatically when created and can be read in the Data settings of the widget or input element.

...

Depending on the data to be entered in the input and their function inside the widget query, you can use the types of expressions and operators described below.

In the widget

In the input

query(InputID.value)

Use this expression in the widget query as a placeholder for whole queries.

Enter the required query in the input and the widget will display the query results.

Example

query(Input0.value)

Example

Input0 → from demo.ecommerce.data where method = GET

$InputID.value

Use the $ operator in the widget query to indicate that the text specified in the input has a specific format and matches that of the parameter to be replaced. This is used as a placeholder for specific values, which is mostly required in the case of filter operations.

Enter the required filtering options in the input and the widget will display the result of the filter operation.

Example

query(from demo.ecommerce.data
where method=$Input0.value)

Example

Input0 → GET, POST, PUT

$*InputID.value

Use the $* operator in the widget query to indicate that the text specified in the input has no specific format and is just a string of characters to replace query options or fields instead of specific values. This is used as a placeholder for whole query parts or fields.

Enter the required query part or field in the input and the widget will display the results.

Example

query(from $*Select0.value
group every $*Select1.value
by $*Select2.value)

Example

Select0 → demo.ecommerce.data, siem.logtrust.web.activity

Select1 → 10m, 20m, 30m

Select2 → method, locale, username

These expressions make your widgets show data according to the content entered in the inputs referenced in their queries. However, the widgets will not show anything until the inputs contain valid values. If you want them to show content before any manual selection, you can configure them further as explained in the following article: Show data in widgets before entering values in inputs

...

Example 1

Use the following query in a table widget to create a dynamic table that allows you to specify the source data table, the grouping period, and the grouping key.

query(
 from $*Select0.value
 group every $*Select1.value 
 by $*Select2.value select count() as count)

The table is linked to three different Select-type inputs populated with the values shown below.

Select0 → ["siem.logtrust.web.activity", "siem.logtrust.web.navigation"]

Select1 → ["1m", "2m", "5m", "10m"]

Select2 → ["type", "city"]

The following capture shows the table after selecting siem.logtrust.web.activity as source table, 5m as grouping time and type as key column for the grouping.
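The substitution in Example 1, modelled offline in Python as an added example (not Devo's code and not part of the original article): because `$*` values replace query text as plain strings, each value is checked against an expected shape before the query is assembled. The `resolve` function, the shape patterns and the `KINDS` mapping are hypothetical names and assumptions.

```python
import re

# The $*InputID.value placeholder form described on this page.
PLACEHOLDER = re.compile(r"\$\*([A-Za-z]\w*)\.value")

# Assumed shapes for text that may be spliced into a query (not taken from the product).
SHAPES = {
    "table": re.compile(r"[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+"),
    "period": re.compile(r"[1-9][0-9]*[smhd]"),
    "field": re.compile(r"[A-Za-z_][A-Za-z0-9_]*"),
}

# Query from Example 1 and the role each input plays in it.
EXAMPLE_1 = """query(
 from $*Select0.value
 group every $*Select1.value
 by $*Select2.value select count() as count)"""
KINDS = {"Select0": "table", "Select1": "period", "Select2": "field"}


def resolve(template, inputs, kinds):
    """Return the query with every $* placeholder replaced, or raise ValueError."""
    def substitute(match):
        input_id = match.group(1)
        if input_id not in inputs:
            # Mirrors the page: nothing is shown until the input has a value.
            raise ValueError(f"{input_id} has no value yet")
        value = inputs[input_id]
        kind = kinds.get(input_id)
        if kind is None or not SHAPES[kind].fullmatch(value):
            raise ValueError(f"{input_id}: {value!r} is not a valid {kind}")
        return value
    return PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    # Constructed selections matching the capture described above.
    print(resolve(EXAMPLE_1, {"Select0": "siem.logtrust.web.activity",
                              "Select1": "5m", "Select2": "type"}, KINDS))
```

A Select-type input with a fixed option list already constrains these values; the same shape check matters most when a `$*` placeholder is fed from a free-text input.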

Example 2

Use the following query to feed a column widget to display the count of methods with response times greater than a specified value and grouped by a period selected from a list of values.

query(
from siem.logtrust.web.activity
where responseTime > $*Input0.value
group every $*Select0.value
by method
select count() as count)

The inputs are populated with the values shown below.

Select0 → ["5m", "10m", "15m"]

Input0 → 500

The following capture shows the column widget after selecting 15m in the select input as grouping period and entering 500 in the free-text input as filtering value, so that only methods with response times greater than 500 are shown in each five-minute period. You must select the count field as the Y-axis value and add the method field as a series in the Visual settings of the column widget.
