Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

A chart (of tstat/ counts) of the content that was bookmarked. for the past 7 days

Amadou
Loves-to-Learn
‎07-04-2024 12:44 PM

Hello Can you help me Creating a dashboard that contains the following charts/data:

                     Bookmarked content

    1. A chart (of tstat/ counts) of the content that was bookmarked. for the past 7 days
    2. A chart with the names of the alerts/detections that were bookmarked for the past 30 days  Analso in this situation how to find your filed name in your splunk: bookmarked, bookmark I use both of them in my query but it still not working or we should use ''active'' please propose me a query.                  help me find the exact field name in order to create the exact query. Thank you. 
Labels (1)
Labels
0 Karma
Reply

Amadou
Loves-to-Learn
‎07-04-2024 12:59 PM

I mean the content i have mapped in my mitre attack in the last 7 days.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎07-04-2024 12:49 PM

What is bookmarked data? Please share some anonymised, representative sample events showing the event data you are working with, and a representation of your expected results.

Tags (1)
0 Karma
Reply

Amadou
Loves-to-Learn
‎07-04-2024 01:20 PM

@ITWhisperer

can i created a meeting with you tomorrow?

THANKS

 

0 Karma
Reply

Amadou
Loves-to-Learn
‎07-04-2024 01:17 PM

build a search query that captures the desired data. Assuming that the bookmarked content is logged with an event type or field that specifies when content is bookmarked (e.g., action = "bookmark"),

 

here's a query you could use:

 

| tstats count where index="your_index" sourcetype="your_sourcetype" action="bookmark" earliest=-7d@d latest=now by content
| rename content as "Content", count as "Bookmark Count"

but having problem to find the exact field name.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...