<form>
  <label>CIS - Volume Review (v 1.0)</label>
  <description>CIS Analytics | Corporate Information Security</description>
  <fieldset submitButton="true" autoRun="true">
    <input type="time" token="mytime">
      <label>Select a Time Range</label>
      <default>
        <earliest>-4h@m</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="myspan">
      <label>Span (Interval)</label>
      <choice value="1m">1 Minute</choice>
      <choice value="2m">2 Minutes</choice>
      <choice value="5m">5 Minutes</choice>
      <choice value="30m">30 Minutes</choice>
      <choice value="1h">1 Hour</choice>
      <choice value="3h">3 Hours</choice>
      <choice value="6h">6 Hours</choice>
      <choice value="12h">12 Hours</choice>
      <choice value="1d">1 Day</choice>
      <default>5m</default>
      <initialValue>5m</initialValue>
    </input>
    <input type="multiselect" token="myindex">
      <label>Select your index</label>
      <choice value="*">All Indexes</choice>
      <search>
        <query>index=_internal source=*license_usage.log* type=Usage NOT default | dedup idx | stats count by idx</query>
        <earliest>-7d@h</earliest>
        <latest>now</latest>
      </search>
      <fieldForLabel>idx</fieldForLabel>
      <fieldForValue>idx</fieldForValue>
      <default>bai</default>
      <initialValue>bai</initialValue>
      <valuePrefix>"</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter> OR  </delimiter>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Viewing Volume By Index  for $myindex$ (GB) every $myspan$</title>
      <chart>
        <search>
          <query>index=_internal source=*license_usage.log* idx=$myindex$ type=Usage NOT default | eval GB=round(b/1024/1024/1024, 4) |  search GB&gt;0.0  | timechart span=$myspan$ sum(GB) AS volume_b by idx limit=50 useother=f</query>
          <earliest>$mytime.earliest$</earliest>
          <latest>$mytime.latest$</latest>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">collapsed</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">column</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">stacked</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="refresh.display">progressbar</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <title>Volume -GB- By Index (Table) or the selected time range  for $myindex$ (GB) every $myspan$</title>
      <table>
        <search>
          <query>index=_internal source=*license_usage.log* idx=$myindex$ type=Usage NOT default | eval GB=round(b/1024/1024/1024, 4) | search GB&gt;0.0 | stats sum(GB) AS "Volume (GB)" by idx s |rename idx as Index, s AS Source | sort -  "Volume (GB)"</query>
          <earliest>$mytime.earliest$</earliest>
          <latest>$mytime.latest$</latest>
        </search>
        <option name="count">15</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="wrap">true</option>
        <drilldown>
          <link target="_blank">/app/search/index_based?form.myindex=$row.Index$</link>
        </drilldown>
      </table>
    </panel>
  </row>
</form>