Splunk Search & Pivot
Search
The following search does the following:
read in a source
create a new field called NessusScan that captures everything between the underscore (_) and the dot (.)
add another field, NessusEnv, that captures only a run of capital letters
search only the NYC environment data
for the Risk field, replace "None" with "Information"
exclude any results where the Risk field value is the literal "Risk"
source = /opt/jira-maestro/plugins/nessus/csv/NYC_windows_servers.csv
index=nessus | rex field=source "(?<NessusScan>(?<=_).*?(?=\.))" | rex field=source "(?<NessusEnv>[A-Z]+)" | search NessusEnv=NYC | rex field=Risk mode=sed "s/None/Information/g" | where Risk!="Risk"
NessusScan = windows_servers
NessusEnv = NYC
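As an added check (Python, not part of the original notes), the two rex patterns and the Risk clean-up above applied to constructed sample source paths and rows. It also shows that the "[A-Z]+" extraction takes the first run of capitals anywhere in the path, and an anchored variant (my addition) that ties the environment to the start of the CSV file name:

```python
import re

# Constructed sample values (not from the original notes): Nessus CSV source paths
# and a few rows as Splunk would see them after field extraction.
SAMPLE_SOURCES = [
    "/opt/jira-maestro/plugins/nessus/csv/NYC_windows_servers.csv",
    "/opt/jira-maestro/plugins/nessus/csv/TX_linux_hosts.csv",
    "/opt/Jira-Maestro/plugins/nessus/csv/NYC_windows_servers.csv",  # capitals before the file name
]
SAMPLE_ROWS = [
    {"source": SAMPLE_SOURCES[0], "Risk": "Risk"},      # assumed: CSV header line indexed as an event
    {"source": SAMPLE_SOURCES[0], "Risk": "None"},
    {"source": SAMPLE_SOURCES[0], "Risk": "High"},
    {"source": SAMPLE_SOURCES[1], "Risk": "Critical"},  # TX scan, dropped by the NYC filter
]

# The two rex patterns from the search, in Python syntax ((?P<name>) where Splunk's PCRE uses (?<name>)).
SCAN_RE = re.compile(r"(?<=_)(?P<NessusScan>.*?)(?=\.)")
ENV_RE = re.compile(r"(?P<NessusEnv>[A-Z]+)")
# Hardened variant (added here, not from the notes): the environment must begin the CSV file name,
# so capital letters earlier in the directory path cannot be picked up as the environment.
ENV_RE_ANCHORED = re.compile(r"/(?P<NessusEnv>[A-Z]+)_[^/]*\.csv$")


def extract_fields(source, anchored=False):
    """Emulate `rex field=source ...`: the first match wins, a non-match yields no field."""
    scan = SCAN_RE.search(source)
    env = (ENV_RE_ANCHORED if anchored else ENV_RE).search(source)
    return {
        "NessusScan": scan.group("NessusScan") if scan else None,
        "NessusEnv": env.group("NessusEnv") if env else None,
    }


def normalize_rows(rows, env="NYC"):
    """Emulate `search NessusEnv=NYC | rex mode=sed s/None/Information/g | where Risk!="Risk"`."""
    out = []
    for row in rows:
        fields = extract_fields(row["source"], anchored=True)
        if fields["NessusEnv"] != env:
            continue
        risk = row["Risk"].replace("None", "Information")
        if risk == "Risk":  # the literal column name: drop that row
            continue
        out.append({**row, **fields, "Risk": risk})
    return out
```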
search for several alternative patterns and create a custom field from whichever one matches
index="bintray" source="/opt/jira-maestro/plugins/bintray_url/csv/bintray_logs.csv" | rex field=product "(?<my_product>(Product_A|Product_B)+)"
my_product count = 2
Pivot & Dashboard
a drop-down selector; the chart (a pie chart in the XML below) displays data filtered by the drop-down selection
<form>
  <label>Nessus</label>
  <description>Nessus Scans</description>
  <!-- Base search: defined but not referenced by the panel below.
       Filtered by the same nessus_env token the dropdown sets. -->
  <search id="baseSearch">
    <query>| tstats count FROM datamodel=nessus_424 WHERE NessusEnv="$nessus_env$"</query>
  </search>
  <fieldset submitButton="false">
    <input type="time" searchWhenChanged="true" token="time_commander">
      <label>Time period</label>
      <default>
        <earliest>-7d@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="nessus_env" searchWhenChanged="true">
      <label>Nessus Environment</label>
      <choice value="TX">TX</choice>
      <choice value="NY">NY</choice>
      <default>TX</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>by Severity (Pie)</title>
      <chart>
        <title>$nessus_env$</title>
        <search>
          <!-- Pivot over the nessus_pivot data model, split by Risk, filtered by the dropdown token
               and scoped to the range chosen in the time_commander picker. -->
          <query>| pivot nessus_pivot RootObject count(RootObject) AS "Count" SPLITROW Risk AS Risk SORT 6 Risk ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1 FILTER NessusEnv is "$nessus_env$"</query>
          <earliest>$time_commander.earliest$</earliest>
          <latest>$time_commander.latest$</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">pie</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.seriesColors">[0xc40f15,0xe88b00,0x0072ba,0x06991c,0xf7c42c]</option>
        <option name="height">290</option>
      </chart>
    </panel>
  </row>
</form>