Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Splunk dashboard for printer statistics
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
has anyone done this before? i want to make a report that will have 4 columns (print server, print queue, documents printed in last 30 days, date last printed to) and will contain all printers from the servers. The documents printed will just be an incrementing number and the date last printed to can just be mm/dd/yyyy. If the columns could be sorted from smallest to largest on date last printed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I made this this into a two panel dashboard,
panel1;
[text box for field1] [text box for field4] [text box for field5]
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"| Search Printers=*$field4$* AND host=*$field5$*| stats count by _time Printers host| Where count < $field1$| Rename count as Count | Sort -Count
panel2;
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"|timechart count by Printers useother=f usenull=f
08/10/1850 10:00:01 AM
LogName=System
SourceName=PrintSpooler
EventCode=10
EventType=4
Type=Information
ComputerName=print_server1
User=User1
TaskCategory=None
OpCode=None
RecordNumber=12345
Keywords=Classic
Message=Document 1, Reports - lolz owned by lolz was printed on Printer_1 through port 1.1.1.1 . Size in bytes: 15415151515.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I made this this into a two panel dashboard,
panel1;
[text box for field1] [text box for field4] [text box for field5]
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"| Search Printers=*$field4$* AND host=*$field5$*| stats count by _time Printers host| Where count < $field1$| Rename count as Count | Sort -Count
panel2;
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"|timechart count by Printers useother=f usenull=f
08/10/1850 10:00:01 AM
LogName=System
SourceName=PrintSpooler
EventCode=10
EventType=4
Type=Information
ComputerName=print_server1
User=User1
TaskCategory=None
OpCode=None
RecordNumber=12345
Keywords=Classic
Message=Document 1, Reports - lolz owned by lolz was printed on Printer_1 through port 1.1.1.1 . Size in bytes: 15415151515.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you could include some of the logs you have, that might make it easier for someone to help!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have the raw data, this should be trivial.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
