Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Adding logs containing specific text to the panel in splunk dashboard

Jameskotch96
Explorer
‎11-04-2023 12:16 PM

I have a dashboard for my application. And in that dashboard, I have an empty panel created, to add the logs of that application when a certain exception occurs. So for that I have added a log.info object with some unique text in it. How do I configure the empty panel on the dashboard so that those specific logs containing unique text should be displayed in the panel for now on.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-05-2023 01:14 AM

Assuming your dropdown token name is "environment", try this

env=$environment$ `app_logs(application_name)` "my unique text"

View solution in original post

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-04-2023 01:11 PM

In your panel, define a table with a search query that finds the events with your specific text in.

0 Karma
Reply
Solved! Jump to solution

Jameskotch96
Explorer
‎11-04-2023 01:46 PM

Hello @ITWhisperer I'm completely new to splunk, could you please be more specific about the query that I need to use?

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-04-2023 01:53 PM

Start with the search app - what search do you use to find the events you are interested in - for example

index=<your index> "string you want to find"
0 Karma
Reply
Solved! Jump to solution

Jameskotch96
Explorer
‎11-04-2023 07:04 PM

@ITWhisperer I have a list of environments in a drop-down, so whenever I select a different environment, I should get the logs of that environment in that panel. How do I configure that

Right now my configuration is as follows:

 

env=dev `app_logs(application_name)` "my unique text"

 

 

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-05-2023 01:14 AM

Assuming your dropdown token name is "environment", try this

env=$environment$ `app_logs(application_name)` "my unique text"
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...