Feature #1706
Dashboard: traceroute
Start date: 01/28/2017
Due date:
% Done: 100%
Associated revisions
Initial version of traceroute view
Reference #1706
Including the dest info in the traceroute search output
Including the dest_ip and dest_name so that the traceroute dashboard can
display the information
Reference #1706
History
#1 Updated by Luke Murphey almost 8 years ago
Need to:
- Make sure bnf is accurate
- Show existing output in textbox of widget or display the dest
- Make sure drilldown uses the correct search
#2 Updated by Luke Murphey almost 8 years ago
- % Done changed from 0 to 70
#3 Updated by Luke Murphey almost 8 years ago
- % Done changed from 70 to 80
The traceroute dashboard isn't showing the correct cached results. They are not getting extracted properly.
#4 Updated by Luke Murphey almost 8 years ago
These two searches perform differently.
This works:
sourcetype="traceroute" unique_id=26ebc82b | rex field=_raw "rtt=\"(?<rtt>[.0-9]+)\"" max_match=5 | rex field=_raw "name=\"(?<name>[.0-9]+)\"" max_match=5 | rex field=_raw "ip=\"(?<ip>[.0-9]+)\"" max_match=5 | stats values(rtt) as rtt values(ip) as ip values(name) as name first(dest_host) as dest_host first(dest_ip) as dest_ip by hop | sort hop
This doesn't:
sourcetype=traceroute | head 1 | join unique_id max=100 [| search sourcetype=traceroute] | rex field=_raw "rtt=\"(?<rtt>[.0-9]+)\"" max_match=5 | rex field=_raw "name=\"(?<name>[.0-9]+)\"" max_match=5 | rex field=_raw "ip=\"(?<ip>[.0-9]+)\"" max_match=5 | stats values(rtt) as rtt values(ip) as ip values(name) as name first(dest_host) as dest_host first(dest_ip) as dest_ip by hop | sort hop | fields - dest_host dest_ip
#5 Updated by Luke Murphey almost 8 years ago
- Status changed from New to Closed
- % Done changed from 80 to 100