All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.

All Posts

@anooshac  Can you please try this sample code?  Please observe 2nd column width. <dashboard version="1.1" theme="dark"> <label>table column size</label> <row> <panel> <table id="tab... See more...
@anooshac  Can you please try this sample code?  Please observe 2nd column width. <dashboard version="1.1" theme="dark"> <label>table column size</label> <row> <panel> <table id="tableColumWidth"> <search> <query>|makeresults count=5 | eval A=random(), B=random(), status=A, action=A</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> <row> <panel> <html> <style> #tableColumWidth table th:nth-child(2), #tableColumWidth table td:nth-child(2) { width: 1000px !important; overflow-wrap: anywhere !important; } </style> </html> </panel> </row> </dashboard>   I hope this will help you.   Thanks KV An upvote would be appreciated if any of my replies help you solve the problem or gain knowledge.
thank you for the quick reply my query is whenever I refresh the whole dashboard I want to set a token to its default value. SO is there a condition that i can use.
Hi @Siddharthnegi , there's an option to put in the dashboard header: <dashboard refresh="30"> to define the time (in seconds) to refresh the full dashboard. Ciao. Giuseppe
Hi @Siddharthnegi, sorry but your question isn't so clear: if you want to refresh the full dashboard, youcan click on the browser Refresh button. If you want to refresh a single panel, you can cli... See more...
Hi @Siddharthnegi, sorry but your question isn't so clear: if you want to refresh the full dashboard, youcan click on the browser Refresh button. If you want to refresh a single panel, you can click on the panel's Refresh button (in the right bottom side of the panel). If you want to refresh a singe token, you can see some previous answer (also from me) https://community.splunk.com/t5/Dashboards-Visualizations/How-to-reset-dashboard-tokens-using-XML/td-p/504857 or https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-refresh-button-to-dashboard/m-p/587776/highlight/true Ciao. Giuseppe
Hi everyone, Is there a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes....  I found a solution about the worker but, the file that ... See more...
Hi everyone, Is there a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes....  I found a solution about the worker but, the file that solution talk about doesn't exists which is "umsgi.ini"
@ITWhisperer,so there is no solution for changing width?
@KendallW"c49b6a70qw" is an example transactionID in the field name "Transaction.ID" that is sent to the index in double quotes. I tried this search query but got the same error message: | tran... See more...
@KendallW"c49b6a70qw" is an example transactionID in the field name "Transaction.ID" that is sent to the index in double quotes. I tried this search query but got the same error message: | transaction "Transaction.ID" | chart duration over _time
thank you so much do u have a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes....  I found a solution about the worker but, the fil... See more...
thank you so much do u have a way to speed up the Splunk SOAR capabilities to process the events, it can't process a 100 events every 5 minutes....  I found a solution about the worker but, the file that solution talk about doesn't exists which is "umsgi.ini"
Is "c49b6a70qw" the field name or field value?  It needs to be the field name. E.g.  If the field name is "transactionID", then please run the search query exactly as my previous comment.
@KendallW I tried this but it says 'Error in 'chart' command: The specifier 'duration' is invalid. It must be in form <func>(<field>). For example: max(size).': | transaction "c49b6a70qw" | cha... See more...
@KendallW I tried this but it says 'Error in 'chart' command: The specifier 'duration' is invalid. It must be in form <func>(<field>). For example: max(size).': | transaction "c49b6a70qw" | chart duration over _time
@Siddharthnegi https://community.splunk.com/t5/Dashboards-Visualizations/Automatically-Refresh-Dashboard/m-p/64506#M3376 
is there a condition or command for manually refreshing dashboard? so whenever i click on refresh button of  dashboard it refreshes, but i want  whenever i refresh dashboard , i want to set a particu... See more...
is there a condition or command for manually refreshing dashboard? so whenever i click on refresh button of  dashboard it refreshes, but i want  whenever i refresh dashboard , i want to set a particular token value to something. is that possible
Try this: index=testindex sourcetype=json source=websource | transaction "Transaction.ID" | chart values(duration) over _time
Hi @JPR  the default "user" role has access to the fields menu. Check the capabilities assigned to this role compared to the role you have created. | rest servicesNS/-/-/authorization/roles/user... See more...
Hi @JPR  the default "user" role has access to the fields menu. Check the capabilities assigned to this role compared to the role you have created. | rest servicesNS/-/-/authorization/roles/user | fields title capabilities
is there a condition for refreshing a dashboard. like if(dashboard refresh , 0 ,1)  
Hi experts, I am going through installation and set up of Splunk App for Data Science and Deep Learning. Have come across mention of minimum requirement mentioned for transformer GPU container at: ... See more...
Hi experts, I am going through installation and set up of Splunk App for Data Science and Deep Learning. Have come across mention of minimum requirement mentioned for transformer GPU container at: https://docs.splunk.com/Documentation/DSDL/5.1.2/User/TextClassAssistant What are the minimum requirements for CPU only Docker host machine in general when using this tool kit?   Thanks, MCW  
@KendallW  That's right. There are multiple transactions and each transaction has a transactionID. Each transaction can have a job type which can be either 'Completed' or 'Started'.
Hi @AZ1 Try this -Try clearing browser cache -Check your browser is up to date -Try a different browser -Try updating Splunk
Hi @thangs4 , From your second screenshot it doesn't look like the events are being parsed correctly. It looks like there wasn't a clean break between the events, and a timestamp wasn't extracted ... See more...
Hi @thangs4 , From your second screenshot it doesn't look like the events are being parsed correctly. It looks like there wasn't a clean break between the events, and a timestamp wasn't extracted from the first event.  Try using these settings in props.conf on your indexer/HF to explicitly break events before/after the <Event> and </Event> tags: KV_MODE=xml TRUNCATE = 0 SHOULD_LINEMERGE = false LINE_BREAKER=([\r\n]+)\<Event\sxmlns TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%9QZ TIME_PREFIX=<TimeCreated SystemTime=' MUST_BREAK_AFTER = \<\/Event\> NO_BINARY_CHECK=true CHARSET=AUTO disabled=false
Hi everyone, I have a problem with the line-break in Splunk. I have tried following the methods as in other posts.  Here is my props.conf [test1:sec] SHOULD_LINEMERGE=false LINE_BREAKER=([\r\n]+)... See more...
Hi everyone, I have a problem with the line-break in Splunk. I have tried following the methods as in other posts.  Here is my props.conf [test1:sec] SHOULD_LINEMERGE=false LINE_BREAKER=([\r\n]+) NO_BINARY_CHECK=true CHARSET=AUTO disabled=false TIME_FORMAT=%Y-%m-%dT%H:%M:%S.%9QZ TIME_PREFIX=<TimeCreated SystemTime=' when I applied this sourcetype in raw windows, it work. but after I finished, it was one event raw windows #line-break