How To Create Reports


Overview

Reports are an elegant way to represent any type of data. In our case, we see a lot of log-based information from various devices in our console. This data can sometimes become a nightmare to understand. So we have come up with a simple, yet effective, process to create reports within our console.

Procedure

To create a report, follow these steps.

Getting to the ‘Reports’ Section

Click on the “Management” tab on the top left corner of the console.

Click on MANAGEMENT menu

You’ll now see a sub menu i.e. a drop down. Click on the option named “Repository”, as shown in the screenshot below:

Select REPOSITORY sub menu

You should now be able to see this view:

REPOSITORY view

Creating a Report

You’re ready to create your first report! Click on the ‘+’ button on the top right corner. From the drop down menu, select the option named “Report”, as shown in the screenshot below:

Click on plus icon and select REPORT

We are greeted with the “New Report” Template.

image

Fill up the details in the visible sections of this form, namely:

Name

Enter any name or identifier with which we would like to identify this report with. For now let’s name it “Sample Report”

File Name Suffix

Add another identifier for better searchability.

References

In this section, you can enter any text with the purpose of identifying this workbook in a simple glance from the repository view.

Description

In this section, enter any text that summarizes the report and its purpose. For our example, we have written “This is a sample report for demo purpose.”

Tags

Just like web pages, we can add relevant tags or words for easy categorization of the report.

Status

Choose between “active” or “inactive” to enable or disable the report as per the use case or requirements. The module is set to “active” by default.

Saving the Report

Once you’ve filled up these fields, you can either click on the “Save” button at the bottom of the page or click on the button “Add Section” to further add contents in the report.

image

Adding Contents to the Report

So let’s click on the “Add Section” button to add some interesting contents to our report. You should be able to see this screen:

image

Now for the fun part! We have to simply enter few values for the different fields which we will get from the “Section Type” drop down. So let’s begin adding them one by one as shown below:

Page Title

In this section we can enter the name or title that we want our report to have. For this demo, we have entered the value “Sample Report”. Go ahead and click on the “Done” button at the top right to add our section. We are greeted with a “Section Page” with our added “Page Title” as shown below:

image
Page Sub Title

In this section, enter the name or sub-title that we want our report to have. In this examplem we have entered the value “Here we can enter the sub title”. Click on the “Done” button at the top right to finish adding the section. You should now be greeted with the “Section Page” with our added “Page Sub Title” as shown below:

image
Description Text

In this section, enter any text that summarizes the module and its purpose. For our example, we have filled the description section with “This is the description area”. Click on the “Done” button at the top right to add this section. You should now be greeted with the “Section Page” with our added “Description” as shown below:

image
Free Rows

In this section, we can enter a number that represents the count of free rows as desired. For this example, we have entered the value “1” and clicked on the “Done” button at the top right to add this section. You should now be greeted with the “Section Page” with our added “Free Rows” as shown below:

image

Adding a Data Table to the Report

In this section, we can add the query using which we shall get relevant information as per our use case or requirement. For our ongoing example, we have entered a query that displays the Source IP Addresses which led to the log creation from “Web Servers” within the last hour. Here’s the query:

    ```
    _fetch * from event where $LogType=WEBSERVER AND $Duration=1h group count_unique $SrcIP limit 20
    ```

And here’s what the screenshot looks like.

image

One important point to note is that, whichever query we enter in this field , it should have a clause with the $Duration field i.e. the query should be able to fetch data from within specified time intervals. Without this field, the report creation does not give an impressive view of the data for which the report is created.

Note - Each and every query should have a duration clause as shown in the example above.

Now let’s move ahead and click on the button named “Execute”, which executes the query and checks for syntax errors. Note that this button does not display the output of the query but just checks for syntax errors. If all is good, no errors are thrown and the buttons beside the “Execute” button get enabled. These buttons are “Add Column” and “Add Chart”.

Click on “Add Column” and we get presented with the following view:

image

The fields in this view are pretty straightforward and simple. Let’s run through their significance in brief:

  • Column Type: The type of data present in the column. By default, it is set to “Field” which means the data in the column is in “text” format i.e., alphabets and numbers.
  • Fields: A dropdown which lists the columns present in the output of the mentioned query. You can select the relevant one, which is $SrcIP (Source IP Address) in our example.
  • Rename: This section gives us the ability to rename the chosen column in the “Fields” section above to something which is humanly understandable. E.g. “Source IP Address” makes more sense than “$SrcIP” to people.
  • Column Width: Set the width of the columns as per the aesthetic requirements of the table.
  • Column Format: The format of the column chosen, which is set to “dataTableTextC“ by default. This field is not editable.
image

Also, we can add more columns to the table by clicking on the ‘+’ icon a shown below :

image

After we have filled all the required sections, it’s finally time to “Generate Table” by clicking on that button. This presents us with the output of our query as shown below:

image

Click on the “Done” button at the top right to complete. We have successfully created a table!

image

Adding a Chart to the Report

Now for the most fun part! Let’s add a chart by clicking on the “Add Chart” button.

image

The fields, as seen in the screenshot above, need to be filled in order to create a beautiful-looking chart.

  • Chart Type: A dropdown to select the type of chart required. Options consist of “Horizontal Bar Chart”, “Vertical Bar Chart” and “Pie Chart”.
  • Label Field: A dropdown that lists the columns present in the output of the mentioned query. We have to select the relevant one (which is $SrcIP in our example).
  • Value Field: A dropdown that lists the values present in the output of the mentioned query. We have to select the relevant one, which is count_unique in our example. Note that this section needs to have those columns for which a relation exists with the column mentioned in the “Label Field”
  • Title Text: Enter a title for our new chart.
  • X-Axis Label: Enter a text/label to represent the data on the horizontal axis.
  • Y-Axis Label : Enter a text/label to represent the data on the vertical axis.

Now we can preview our chart, which will get created as per our values entered earlier. To do this, click on “Preview”.

image

To make changes, click on “Back” button to go back and edit the fields discussed earlier and preview the changes before saving the report. If you are happy with the changes, move ahead and click on the “Save” button at the bottom of the page.

image

We can now go ahead and click on “Done” at the top right of our “Section View” as seen earlier.

And by following these steps, we have successfully created an awesome report for our use.