- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Build splunk dasboard with two different searc...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to have this two chart merge into single chart as a two different line diagram
sourcetype="tomcat-webapp" host="server-notify06*" | rex "(?i)(?P<FIELDNAME>\w+=\[[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\])" |bucket _time span=1h | stats count(FIELDNAME) by _time| rename count(FIELDNAME) as "Count"
sourcetype="tomcat-webapp" host="server-notify06*" | rex "(?i)(?P<FIELDNAME>\w+=\[\w+\])" | bucket _time span=1h | stats count(FIELDNAME) by _time| rename count(FIELDNAME) as "Count"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try something like this
sourcetype="tomcat-webapp" host="server-notify06*" | rex "(?i)(?P<FIELDNAME1>\\w+=\[[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\])" | rex "(?i)(?P<FIELDNAME2>\w+=\[\w+\])" | timechart span=1h count(FIELDNAME1) as Count1 count(FIELDNAME2) as Count2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a couple of dashboard. In each dashboard, i would like to have a feature of drop down menu on top of each dashboard, selecting the drop down menu, should redirect me to the different dashboard according to the selection . How can i achieve that feature ? I tried something as below and no luck !!
<input type="dropdown" token="field1">
<label></label>
<default>Select a page to open</default>
<choice value="">Select a page to open</choice>
<choice value="first_dashboard">Link to first dashboard</choice>
<choice value="second_dashboard">Link to second dashboard</choice>
<change>
<condition value="first_dashboard">
</condition>
<condition value="second_dashboard">
</condition>
</change>
<chart>
</chart>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try something like this
sourcetype="tomcat-webapp" host="server-notify06*" | rex "(?i)(?P<FIELDNAME1>\\w+=\[[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\])" | rex "(?i)(?P<FIELDNAME2>\w+=\[\w+\])" | timechart span=1h count(FIELDNAME1) as Count1 count(FIELDNAME2) as Count2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That worked great !!!! Thank you
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
