Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
12-21-2023
02:12 AM
Hi @quangnm21 , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated
12-21-2023
02:09 AM
I dont think there is a connector for that purpose. If you want to follow the "develop your own solution" route i would recommend building a connector for SOAR instead of a function in the visual edi...
See more...
I dont think there is a connector for that purpose. If you want to follow the "develop your own solution" route i would recommend building a connector for SOAR instead of a function in the visual editor. IMO its more flexible on what you can do (e.g. include external libs) and its easily reusable and you can add multiple assets to use in the PBs. Also, the new app wizard makes it easier to get started and you have tons of "examples" if you look in the SOAR connector GitHub account.
12-21-2023
02:06 AM
HI @gcusello Thanks for the reply, I tried the horizon chart already, but its not meet my requirement (tooltips and the visibility of the graph and values on the axis are not looks good), Looki...
See more...
HI @gcusello Thanks for the reply, I tried the horizon chart already, but its not meet my requirement (tooltips and the visibility of the graph and values on the axis are not looks good), Looking for a better one. Thanks.
12-21-2023
02:05 AM
@gcusello , Thank you
12-21-2023
02:00 AM
Hi @vinod743374, see if the Horizon Chart - Custom Visualization (https://splunkbase.splunk.com/app/3117) is what you want. ciao. Giuseppe
12-21-2023
01:58 AM
Hi @selvam_sekar, they are two different thing to use in different situations: sheduled searches can be used when you have a fixed search to display in a panel, e.g. to replace a Real Time Search. ...
See more...
Hi @selvam_sekar, they are two different thing to use in different situations: sheduled searches can be used when you have a fixed search to display in a panel, e.g. to replace a Real Time Search. Summeary index is the best solution if you want to pre-elaborate your results and leave the users to aggregate as whey want the already elaborated results. I usually use summary indexes. Ciao. Giuseppe P.S.: Karma Points are appreciated
12-21-2023
01:53 AM
Splunk documentation has a page that guides customers to troubleshoot similiar issues as you described, like when they don't find the data/events. "Are you searching for events and not finding the...
See more...
Splunk documentation has a page that guides customers to troubleshoot similiar issues as you described, like when they don't find the data/events. "Are you searching for events and not finding them, or looking at a dashboard and seeing "No result data"? Here are a few common mistakes to check." https://docs.splunk.com/Documentation/Splunk/9.1.2/Troubleshooting/Cantfinddata
12-21-2023
01:36 AM
2 Karma
Hi toocies, Take a look here https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/ this has some good examples for your use case. Hope this helps ... cheers, MuS
12-21-2023
01:21 AM
Thanks! If I could, I would give you 10 Karma for this solution. It makes the panel so much nicer
12-20-2023
11:18 PM
sure, thanks for the note @gcusello . summary index or scheduled search both are same? Please could you suggest, how to implement the scheduled search ?
12-20-2023
10:54 PM
Hi @selvam_sekar, you have some methods to accelerate your search that youcan find described at https://docs.splunk.com/Documentation/Splunk/9.1.2/Knowledge/Aboutsummaryindexing My hint is to use D...
See more...
Hi @selvam_sekar, you have some methods to accelerate your search that youcan find described at https://docs.splunk.com/Documentation/Splunk/9.1.2/Knowledge/Aboutsummaryindexing My hint is to use Datamodels or Summary indexes. About the second, you have to schedule your searches with a frequency to defin based on the time for the search execution and your refresh requirements. So you can save the results in a summary index and then run your search on the aggregated values that you have in the summary index. Ciao. Giuseppe
12-20-2023
10:48 PM
Hi, My dashboard seems to be taking around 1.3 mints to load the data for multiple panels and sometime it takes around 4 mints to load the data. My client come up with an requirement to get 'auto re...
See more...
Hi, My dashboard seems to be taking around 1.3 mints to load the data for multiple panels and sometime it takes around 4 mints to load the data. My client come up with an requirement to get 'auto refresh" feature enabled for the dashboard with 15 mints intervals. I used base search and the base search intern uses the | tstats. I am not familiar with save search or scheduled serch or loadjob. Please could you advise? how to implement the feature Thanks, Selvam.
- Tags:
- dashboard
Labels
- Labels:
-
Classic dashboard
-
panel
12-20-2023
10:45 PM
1 Karma
Hi @quangnm21 , after every stats command (also tstats) you have only the fields that are present in the command, so dest_nt_domain and src_nt_domain aren't still present. You have to insert in the...
See more...
Hi @quangnm21 , after every stats command (also tstats) you have only the fields that are present in the command, so dest_nt_domain and src_nt_domain aren't still present. You have to insert in the tstats command the two fields with the values option: | tstats `security.content.summariesonly`
values(host) AS srcHost
dc(host) AS chost
min(_time) AS firstTime
max(_time) AS lastTime
values(Authentication.dest_nt_domain) AS dest_nt_domain
values(Authentication.src_nt_domain) AS src_nt_domain
FROM datamodel=Authentication
WHERE Authentication.action="success" Authentication.dest_nt_domain="PTIT" Authentication.src_nt_domain="PTIT" Authentication.user="qmn"
BY Authentication.user
| eval
abc = tostring(dest_nt_domain),
xyz = tostring(src_nt_domain) Then I hint to rename some fields avoiding the dot in the name (sometimes functions don't work). Last doubt: if you have the Authentication.user field in the WHERE condition, why do you have it also in the BY cluse? it's always one value! Last thing: please next time use, in addition to the screenshots, add also the search in text mode (using the "Insert/Edit code sample" button) , so I don't need to rewrite it! Ciao. Giuseppe
12-20-2023
09:45 PM
Sure! Let me try to give partial of my data here. { host :host01 metrics: { Started: true TotalConnectionCount: 0 Uptime: 3 days 3 hours UptimeMillis: 271021770 } ...
See more...
Sure! Let me try to give partial of my data here. { host :host01 metrics: { Started: true TotalConnectionCount: 0 Uptime: 3 days 3 hours UptimeMillis: 271021770 } } My search query involving the field that have problem is something like this. <search query> | spath output=metrics path=metrics | stats latest(metrics.Started) as started, latest(metrics.TotalConnectionCount) as connectionCount by host |eval state = if(started="true","UP","DOWN") | table host, state, connectionCount The problem comes with connectionCount. If it's not 0, it aligns right. If it's 0, it aligns left. Ps. Actually after I investigate this, this problem does not occur on Splunk search, but on the Splunk Dashboard Studio when I use the table on my dashboard. Any ideas?
12-20-2023
09:28 PM
Did you mean the drop down is not enabled to select? If thats the case, check the search which populates the dropdown. If it uses the macros, then ensure that the user/app has permissions to access ...
See more...
Did you mean the drop down is not enabled to select? If thats the case, check the search which populates the dropdown. If it uses the macros, then ensure that the user/app has permissions to access the macro and is expending the search
12-20-2023
09:26 PM
Hi, to hide edit button, I use this option in Canvas Config. Also, there is an idea "in Development" to allow Hide Splunk Bar in Dashboard Studio. Thank you.
12-20-2023
09:23 PM
My OS system is CentOS 7, with Appdynamics 21.4.4 installed. I plan to migrate to OS Ubuntu 2204 LTS and upgrade to Appdynamics 23.9. Can I use HA to migrate? Or should I use backup & restore to do t...
See more...
My OS system is CentOS 7, with Appdynamics 21.4.4 installed. I plan to migrate to OS Ubuntu 2204 LTS and upgrade to Appdynamics 23.9. Can I use HA to migrate? Or should I use backup & restore to do the transfer? I tried to migrate in different ways several times, but still can do it.
12-20-2023
09:18 PM
Few preliminary things to check Are the missing machine still up & running and part of your network? Is Splunk still running on those missing machines? Are the forwarders still able to connect to...
See more...
Few preliminary things to check Are the missing machine still up & running and part of your network? Is Splunk still running on those missing machines? Are the forwarders still able to connect to the indexers? Is the *nix apps (or whichever apps used ) are installed and configured?
12-20-2023
09:15 PM
thanks @richgalloway - yes, we looked at this Add-on but we found some limitations w.r.t. our use case - Please allow me some time and I will share more details on the use case.
