Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Remove unwanted subfolders in dashboard

thaara
Explorer
‎05-27-2020 06:13 AM

Hi Splunkers,

We are getting unwanted sub folders when we search for a particular sub folder

I am creating a query which displays the file system for a particular folder. But I am getting all the folder names instead of a particular folder name alone.

Consider, in server xyz, we are having n number of file system (example, /, /var, /var/abc, /var/abc/cde, etc. ). When I am searching for /var alone by giving that in query, it displays /var and all the sub folders in it. But that is not as expected.

Query:
index=" " sourcetype= " " mn=/ OR /var | eval Usage=replace(Used,"%","") | timechart values(usage) as Used by mn

note: mn means the file system name

Expected output:
Chart should show only / and /var file systems.

Output we are getting now:
Chart should show only / and /var and /var/abc and /var/abc/cde

Labels (1)
Labels
0 Karma
Reply

niketn
Legend
‎05-27-2020 09:45 AM

@thaara if you are using the following query I dont see how other subfolder will show up as you have not used * in the mn filter 

 index=" " sourcetype= " " mn IN ("/","/var")
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...