All Posts


Hi All, I have a dashboard built using Dashboard Studio. I want to pass multiple tokens to another dashboard on click of a value in one of the panels. I am using Interactions --> Link to dashboard and adding tokens there, but I am not getting how to pass multiple tokens so that they are reflected in the other dashboard. Can anyone please advise me on this? Regards, pnv
Hi @sle, good for you, see you next time! Let me know if I can help you more, or, please, accept one answer for the other people of the Community. Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated.
Hi @mfonisso, good for you, see you next time! Ciao and happy splunking, Giuseppe. P.S.: Karma Points are appreciated.
Hi @kreddykotla , please try this  | rex "(?<your_field>[^-]+)\/[^\/]+$" that you can test at https://regex101.com/r/0yi0zt/1 Ciao. Giuseppe
Hi All, I wanted to capture CPU, memory and disk usage for both Windows and Unix servers. Below are sample events.
https://www.nike.com/in/t/air-max-90-lv8-shoes-5KhTdP/FD4328-102
https://www.nike.com/in/t/air-max-dn-shoes-FtLNfm/DV3337-006
I need to extract the values 5KhTdP, FtLNfm.
I have replicated the issue and here's what I have found:
Only the top four values will be shown on the pie chart, no matter how many fields are present in the table and no matter what value is used in Minimum Size / sliceCollapsingThreshold, if there are:
- six or more fields
- at least one of them is significantly smaller than the largest number
- the sum of all values is greater than 64,250
Test it yourself: run this search and look what happens when you change the value of 'f' from 53138 to 53139:
    | makeresults
    | eval a=1
    | eval b=10
    | eval c=100
    | eval d=1000
    | eval e=10000
    | eval f=53138
    | fields - _time
    | transpose
    | rename column as Status, "row 1" as count
Could someone from Splunk please explain what is going on here, or add this to the known issues?
Hi, were you able to solve this? I need to tag a person (alert specific) in a single channel.
Hi @alvesri, it sounds like the token from the date picker is not plugged in to any searches on the dashboard. The searches should look something like this:
    <search>
      <query>index=someindex sourcetype=somesourcetype</query>
      <earliest>$time_tok$</earliest>
      <latest>now</latest>
    </search>
Could you share the dashboard's XML?
I am encountering exactly the same issue - only 6 fields but one of them is collapsed.  Also tried charting.chart.sliceCollapsingThreshold = 0 - no luck
Add a space between the two timechart functions. E.g.
    | timechart avg(event.Properties.duration) stdev(event.Properties.duration)
Also, you can remove the | iplocation as we aren't using any of the fields that command adds for this visualization, so it will only slow down the search.
Hi @Dean.Marchetti, if your question is about dynamically starting appd, the closest match will be: https://docs.appdynamics.com/appd/24.x/latest/en/application-monitoring/install-app-server-agents/java-agent/install-the-java-agent#id-.InstalltheJavaAgentv24.3-AttachtheJavaAgenttoaRunningJVMProcess Not sure if this is what you are looking for? Regards, Terence
Hi Kendall, yes I tried that, still not getting any output.
Hi @jaibalaraman, You can calculate the mean and standard deviation using the stats command:
    | stats avg(event.Properties.duration) as u stdev(event.Properties.duration) as s
However, that won't produce a chart. At a glance, your data is not normally distributed. You can generate a simple histogram with the chart command:
    | chart count over event.Properties.duration span=31
If you have Splunk Machine Learning Toolkit installed, you can use the histogram macro and visualization:
    | `histogram("event.Properties.duration", 31)`
Note that the histogram macro uses the bin command:
    bin "$var$" bins=$bins$ | stats count by "$var$" | makecontinuous "$var$" | fillnull count
It won't necessarily honor your bin count. What type of graph or visualization would you like to create?
Hi @jaibalaraman try this . . . | timechart avg(event.Properties.duration) stdev(event.Properties.duration)
Hi @purcell12491, check if this answers your question: https://community.splunk.com/t5/Splunk-Enterprise/How-to-distinctively-count-concurrent-users-when-event-has/m-p/492648#M1641
Hi, can anyone suggest how to create an Avg & Std Dev graph from the fields?
Hi @Moshe, Before Java 8, Oracle (and Sun prior to its acquisition) included a JDBC-ODBC bridge driver with Java for Windows. Java 7 support ended in 2022, and Splunk DB Connect support for Java 7 ended many years ago. If no JDBC driver is available for your data source, you may be able to find a current JDBC-ODBC bridge solution from OpenText (formerly Micro Focus, which acquired Serena Software and Merant), CData, or another vendor. Those vendors may also sell a JDBC driver for your data source; however, not all JDBC drivers support the interfaces required by Splunk DB Connect. Which ODBC driver and/or database platform are you trying to query? A scripted input might be the easiest solution to your problem.
@isoutamo, could anyone help take a look?
Hi @dyuen You could use outputlookup to store the output of column C in a lookup.