Hello Everyone,
I am working on building native dashboards in Google SecOps and came across multiple issues related to global filters and drill-downs.
1. Additional Field Filters for Entity
I need to create a global filter on a native dashboard using graph.additional.fields["key"].
-
Has anyone been able to use Entity additional fields as filters in native dashboards?
-
Example:
graph.additional.fields["key"] = "value"
2. Time Range Filter Not Working as Expected
I applied a global filter using graph.metadata.interval.start_time across all charts in a native dashboard.
-
When applied, no data is returned.
-
But when editing an individual panel and applying the same time range, data is shown correctly.
👉 Question: Does the panel time filter actually use graph.metadata.interval.start_time, or is it mapped to another field internally? If so, which one?
Global FIlter
Panel Filter
3. Drill-Down Default Time Range
I configured a drill-down on a column in a native dashboard.
-
When I click drill-down, it runs the search with the time range from the saved test query, not the global filter range.
-
Expected behavior: drill-down should inherit the global filter (e.g., if dashboard filter = last 2 days, drill-down should respect that).
👉 Question: Is there a way to make drill-down queries inherit the dashboard/global filter time range instead of being locked to the configured query?
<Drill Down in Panel>
<Drill Down Configuration>
<Search query upon clicking the drill down column>
Thank you in advance for your time and support.