Drill into Chart Metadata from the Dashboards
To further investigate events associated with widgets on the Dashboards page:
- Select or deselect a data segment by doing one of the following:
- To drill down into selected data on the Analyze page, double-click on that segment of a graph.
To filter data out of your results, press the Alt key and double-click on that segment of a graph. The filtered data set opens on the Analyze page.
The Web Console transitions to the Analyze page and displays your selected data set.
When you drill into a chart that has a WHERE clause in its configuration, the Analyze page automatically displays the value that you drilled into AND the value of the WHERE clause as an expression in the Lucene Search field unless you selected Ignore on Drilldown when you configured the widget. For more information, see Configure TopX Widget Data Settings.
When you drill into a chart that does not have a WHERE clause, the Lucene Search field does not automatically display on the Analyze page.If you prefer to view the Analyze page in a new tab, select the User icon in the upper-right corner, select Settings, select Open in new tab, and click Done.
- When you are ready to return to the Dashboards page, at the top of the page, click the LogRhythm logo.
Filter Chart Data on the Analyze Page
When the Analyze page displays, you can filter data for forensic investigations. On the Dashboards page, select a segment in a bar chart or pie chart. The selected data then redraws on the Analyze page.
The Trend chart and Data charts reflect the new metadata. At the top left of the page, the breadcrumbs show your filter criteria. Exclusion criteria appear in the breadcrumbs with a NOT prefix. You can select the X to the right of a breadcrumb to return to the previous filter or close the breadcrumb. You can also use Lucene Search syntax to filter data on the Analyze page. For more information, see Use Lucene Search to Filter Data.