
Fixed Dashboard Searches for blkHoledDomains

rudy_dom

Problem - the dashboard was not displaying blackholed client summaries.
Solution -
I cloned a saved search for pi-hole and used the following search:
index=pi-hole sourcetype="pi-hole" "gravity.list" | rex field=_raw "/etc/pihole/gravity.list (?<blkHoledDomain>.*) is" | rex field=_raw "dnsmasq\[\d+\]:\s\d+\s(?<ClientIP>.*?)/"

I then edited the dashboard inline search to use the new cloned search's name for blackholed events.

0 Karma
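
An offline check of the two rex extractions from the post above, added here as an example and not part of the original post or of the app. The log lines are constructed and assume dnsmasq extra query logging (a serial number and client/port after the PID); the helper names extract and summarize are hypothetical, and Python needs (?P<name>...) where SPL accepts (?<name>...).

```python
import re
from collections import Counter

# The post's two rex patterns, with (?<name>...) written as Python's (?P<name>...).
DOMAIN_RE = re.compile(r"/etc/pihole/gravity.list (?P<blkHoledDomain>.*) is")
CLIENT_RE = re.compile(r"dnsmasq\[\d+\]:\s\d+\s(?P<ClientIP>.*?)/")

# Constructed sample lines (not real traffic). The first three assume dnsmasq
# extra query logging, which puts "<serial> <client>/<port>" after the PID.
SAMPLE_LOG = """\
Jan 10 09:15:01 dnsmasq[812]: 4101 192.168.1.23/51544 query[A] ads.example.net from 192.168.1.23
Jan 10 09:15:01 dnsmasq[812]: 4101 192.168.1.23/51544 /etc/pihole/gravity.list ads.example.net is 0.0.0.0
Jan 10 09:15:07 dnsmasq[812]: 4102 192.168.1.40/40112 /etc/pihole/gravity.list tracker.example.org is 0.0.0.0
Jan 10 09:15:09 dnsmasq[812]: /etc/pihole/gravity.list ads.example.net is 0.0.0.0
"""

def extract(line):
    """Return (ClientIP, blkHoledDomain) for a gravity.list line, else None.
    ClientIP is None when the line has no serial/client prefix."""
    if "gravity.list" not in line:
        return None
    dom = DOMAIN_RE.search(line)
    if not dom:
        return None
    client = CLIENT_RE.search(line)
    return (client.group("ClientIP") if client else None, dom.group("blkHoledDomain"))

def summarize(log_text):
    """Count blackholed lookups per (client, domain), like a stats count by both fields."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = extract(line)
        if fields:
            counts[fields] += 1
    return counts

if __name__ == "__main__":
    for (client, domain), n in sorted(summarize(SAMPLE_LOG).items(), key=str):
        print(f"{client or '(no ClientIP extracted)'}\t{domain}\t{n}")
```

The last sample line shows the case to watch for in a per-client panel: without the serial/client prefix the domain still extracts but ClientIP does not, so that event would be missing from any summary grouped by ClientIP.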