@anooshac Can you please try this sample code? Please observe 2nd column width. <dashboard version="1.1" theme="dark">
<label>table column size</label>
<row>
<panel>
<table id="tab...
See more...
@anooshac Can you please try this sample code? Please observe 2nd column width. <dashboard version="1.1" theme="dark">
<label>table column size</label>
<row>
<panel>
<table id="tableColumWidth">
<search>
<query>|makeresults count=5 | eval A=random(), B=random(), status=A, action=A</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<html>
<style>
#tableColumWidth table th:nth-child(2),
#tableColumWidth table td:nth-child(2) {
width: 1000px !important;
overflow-wrap: anywhere !important;
}
</style>
</html>
</panel>
</row>
</dashboard> I hope this will help you. Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.
thank you for the quick reply my query is whenever I refresh the whole dashboard I want to set a token to its default value. SO is there a condition that i can use.
Hi @Siddharthnegi , there's an option to put in the dashboard header: <dashboard refresh="30"> to define the time (in seconds) to refresh the full dashboard. Ciao. Giuseppe
Hi @Siddharthnegi, sorry but your question isn't so clear: if you want to refresh the full dashboard, youcan click on the browser Refresh button. If you want to refresh a single panel, you can cli...
See more...
Hi @Siddharthnegi, sorry but your question isn't so clear: if you want to refresh the full dashboard, youcan click on the browser Refresh button. If you want to refresh a single panel, you can click on the panel's Refresh button (in the right bottom side of the panel). If you want to refresh a singe token, you can see some previous answer (also from me) https://community.splunk.com/t5/Dashboards-Visualizations/How-to-reset-dashboard-tokens-using-XML/td-p/504857 or https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-refresh-button-to-dashboard/m-p/587776/highlight/true Ciao. Giuseppe
Hi everyone, Is there a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes.... I found a solution about the worker but, the file that ...
See more...
Hi everyone, Is there a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes.... I found a solution about the worker but, the file that solution talk about doesn't exists which is "umsgi.ini"
@KendallW"c49b6a70qw" is an example transactionID in the field name "Transaction.ID" that is sent to the index in double quotes. I tried this search query but got the same error message: | tran...
See more...
@KendallW"c49b6a70qw" is an example transactionID in the field name "Transaction.ID" that is sent to the index in double quotes. I tried this search query but got the same error message: | transaction "Transaction.ID" | chart duration over _time
thank you so much do u have a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes.... I found a solution about the worker but, the fil...
See more...
thank you so much do u have a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes.... I found a solution about the worker but, the file that solution talk about doesn't exists which is "umsgi.ini"
Is "c49b6a70qw" the field name or field value? It needs to be the field name. E.g. If the field name is "transactionID", then please run the search query exactly as my previous comment.
@KendallW I tried this but it says 'Error in 'chart' command: The specifier 'duration' is invalid. It must be in form <func>(<field>). For example: max(size).': | transaction "c49b6a70qw" | cha...
See more...
@KendallW I tried this but it says 'Error in 'chart' command: The specifier 'duration' is invalid. It must be in form <func>(<field>). For example: max(size).': | transaction "c49b6a70qw" | chart duration over _time
is there a condition or command for manually refreshing dashboard? so whenever i click on refresh button of dashboard it refreshes, but i want whenever i refresh dashboard , i want to set a particu...
See more...
is there a condition or command for manually refreshing dashboard? so whenever i click on refresh button of dashboard it refreshes, but i want whenever i refresh dashboard , i want to set a particular token value to something. is that possible
Hi @JPR the default "user" role has access to the fields menu. Check the capabilities assigned to this role compared to the role you have created. | rest servicesNS/-/-/authorization/roles/user...
See more...
Hi @JPR the default "user" role has access to the fields menu. Check the capabilities assigned to this role compared to the role you have created. | rest servicesNS/-/-/authorization/roles/user
| fields title capabilities
Hi experts, I am going through installation and set up of Splunk App for Data Science and Deep Learning. Have come across mention of minimum requirement mentioned for transformer GPU container at: ...
See more...
Hi experts, I am going through installation and set up of Splunk App for Data Science and Deep Learning. Have come across mention of minimum requirement mentioned for transformer GPU container at: https://docs.splunk.com/Documentation/DSDL/5.1.2/User/TextClassAssistant What are the minimum requirements for CPU only Docker host machine in general when using this tool kit? Thanks, MCW
@KendallW That's right. There are multiple transactions and each transaction has a transactionID. Each transaction can have a job type which can be either 'Completed' or 'Started'.
Hi @thangs4 , From your second screenshot it doesn't look like the events are being parsed correctly. It looks like there wasn't a clean break between the events, and a timestamp wasn't extracted ...
See more...
Hi @thangs4 , From your second screenshot it doesn't look like the events are being parsed correctly. It looks like there wasn't a clean break between the events, and a timestamp wasn't extracted from the first event. Try using these settings in props.conf on your indexer/HF to explicitly break events before/after the <Event> and </Event> tags: KV_MODE=xml
TRUNCATE = 0
SHOULD_LINEMERGE = false
LINE_BREAKER=([\r\n]+)\<Event\sxmlns
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%9QZ
TIME_PREFIX=<TimeCreated SystemTime='
MUST_BREAK_AFTER = \<\/Event\>
NO_BINARY_CHECK=true
CHARSET=AUTO
disabled=false
Hi everyone, I have a problem with the line-break in Splunk. I have tried following the methods as in other posts. Here is my props.conf [test1:sec] SHOULD_LINEMERGE=false LINE_BREAKER=([\r\n]+)...
See more...
Hi everyone, I have a problem with the line-break in Splunk. I have tried following the methods as in other posts. Here is my props.conf [test1:sec] SHOULD_LINEMERGE=false LINE_BREAKER=([\r\n]+) NO_BINARY_CHECK=true CHARSET=AUTO disabled=false TIME_FORMAT=%Y-%m-%dT%H:%M:%S.%9QZ TIME_PREFIX=<TimeCreated SystemTime=' when I applied this sourcetype in raw windows, it work. but after I finished, it was one event raw windows #line-break