- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Splunk dashboard for printer statistics
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
has anyone done this before? i want to make a report that will have 4 columns (print server, print queue, documents printed in last 30 days, date last printed to) and will contain all printers from the servers. The documents printed will just be an incrementing number and the date last printed to can just be mm/dd/yyyy. If the columns could be sorted from smallest to largest on date last printed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I made this this into a two panel dashboard,
panel1;
[text box for field1] [text box for field4] [text box for field5]
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"| Search Printers=*$field4$* AND host=*$field5$*| stats count by _time Printers host| Where count < $field1$| Rename count as Count | Sort -Count
panel2;
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"|timechart count by Printers useother=f usenull=f
08/10/1850 10:00:01 AM
LogName=System
SourceName=PrintSpooler
EventCode=10
EventType=4
Type=Information
ComputerName=print_server1
User=User1
TaskCategory=None
OpCode=None
RecordNumber=12345
Keywords=Classic
Message=Document 1, Reports - lolz owned by lolz was printed on Printer_1 through port 1.1.1.1 . Size in bytes: 15415151515.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I made this this into a two panel dashboard,
panel1;
[text box for field1] [text box for field4] [text box for field5]
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"| Search Printers=*$field4$* AND host=*$field5$*| stats count by _time Printers host| Where count < $field1$| Rename count as Count | Sort -Count
panel2;
index=index1 host="print_server1" OR host="print_server2" "was printed" | rex field=_raw "\was\s\w\w\w\w\w\w\w\s\w\w\s(?P<Printers>\w+\d\d)"|timechart count by Printers useother=f usenull=f
08/10/1850 10:00:01 AM
LogName=System
SourceName=PrintSpooler
EventCode=10
EventType=4
Type=Information
ComputerName=print_server1
User=User1
TaskCategory=None
OpCode=None
RecordNumber=12345
Keywords=Classic
Message=Document 1, Reports - lolz owned by lolz was printed on Printer_1 through port 1.1.1.1 . Size in bytes: 15415151515.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you could include some of the logs you have, that might make it easier for someone to help!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have the raw data, this should be trivial.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
