[SecViz] Print node labels only after threshold
Michel Ferreira
michelf at gmail.com
Wed Apr 14 07:05:36 EDT 2010
Thanks Raffy, worked like a charm =)
Here's my properties file, for anyone who wants to reproduce. The
input is a session table of a firewall.
# AfterGlow Color Property File
#
# @fields is the array containing the parsed values
# color.source is the color for source nodes
# color.event is the color for event nodes
# color.target is the color for target nodes
#
# The first match wins
#
color.source="yellow" if ($fields[0]=~/^192\.168\..*/);
color.source="greenyellow" if ($fields[0]=~/^10\..*/);
color.source="lightyellow4" if ($fields[0]=~/^172\..*/);
color.source="red"
color.event="blue" if ($fields[1]<1024)
color.event="lightblue"
color.target="yellow" if ($fields[2]=~/^192\.168\..*/);
color.target="greenyellow" if ($fields[2]=~/^10\..*/);
color.target="lightyellow4" if ($fields[2]=~/^172\..*/);
color.target="red"
# Changing node labels:
#label=substr(field(),0,10)
label=field() if ($fields[0] > 100)
# URL for nodes (used for graphviz to enable image map functionality)
# This is an example of how to use AfterGlow with Splunk
url=http://localhost:8000/?q=\N%20starthoursago%3A%3A24
# Using node sizes:
#size.source=1;
#size.target=200
#maxNodeSize=0.2
I've attached the resulting file.
Regards,
Michel
On Tue, Apr 13, 2010 at 7:48 PM, Raffael Marty <raffy at raffy.ch> wrote:
> You can do that.... You will have to do something like:
>
> label=field() if ($foo)
>
> in the property file. $foo is your condition. The threshold you get through $targetCount{$targetName}...
>
> label=field() if ($targetCount{$targetName} > 10)
>
> I haven't tried this, but this is I think how you can do it. Let me know if that works.
>
> Raffy
>
> --
> Raffael Marty, Founder @ Loggly
> @zrlram raffy.ch/blog
>
> On Apr 13, 2010, at 1:16 PM, Michel Ferreira wrote:
>
>> On afterglow is there any way to print the labels only after a certain threshold?
>>
>> Regards,
>>
>> Michel
>> _______________________________________________
>> SecViz-Visualization mailing list
>> SecViz-Visualization at secviz.org
>> http://eight.pairlist.net/mailman/listinfo/secviz-visualization
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: print_14-04-2010 08.01.11.png
Type: image/png
Size: 190666 bytes
Desc: not available
Url : <http://eight.pairlist.net/pipermail/secviz-visualization/attachments/20100414/075874c4/attachment-0001.png>
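
The per-target threshold Raffy describes, sketched as a standalone Python script (an added example, not AfterGlow code and not from either poster). It assumes three-column CSV input (source, destination port, target); the function names, the `kind:name` node IDs and the sample rows are constructed for illustration, and source and event nodes are left unlabeled.

```python
import csv
import io
from collections import Counter

# Constructed sample rows: source IP, destination port, destination IP.
SAMPLE_SESSIONS = """\
192.168.1.10,80,10.0.0.5
192.168.1.11,80,10.0.0.5
192.168.1.12,443,10.0.0.5
192.168.1.10,22,172.16.0.9
10.1.1.1,53,172.16.0.9
10.1.1.2,53,192.168.1.1
"""


def dot_quote(value):
    """Quote a log-derived string for DOT so it cannot break out of the attribute."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def labelled_targets(csv_text, threshold):
    """Return {target: row count} for targets seen in more than `threshold` rows."""
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if len(r) == 3]
    counts = Counter(target for _, _, target in rows)
    return {t: n for t, n in counts.items() if n > threshold}


def to_dot(csv_text, threshold):
    """Emit a source -> event -> target graph, labelling only busy targets."""
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if len(r) == 3]
    keep = labelled_targets(csv_text, threshold)
    nodes, edges = {}, set()
    for source, event, target in rows:
        src, evt, tgt = f"source:{source}", f"event:{event}", f"target:{target}"
        nodes[src] = ""
        nodes[evt] = ""
        # Same decision as: label=field() if ($targetCount{$targetName} > threshold)
        nodes[tgt] = target if target in keep else ""
        edges.update({(src, evt), (evt, tgt)})
    out = ["digraph sessions {"]
    out += [f"  {dot_quote(n)} [label={dot_quote(lbl)}];" for n, lbl in sorted(nodes.items())]
    out += [f"  {dot_quote(a)} -> {dot_quote(b)};" for a, b in sorted(edges)]
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    print(to_dot(SAMPLE_SESSIONS, threshold=1))
```
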