Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Posts
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- All Posts
All Posts
10-05-2023
10:34 PM
Hi I would like to integrate a viz like below in my dashboard But i wonder what is used to integrate a chart in a table row What kind of vizualisation is really used? Is anybody have xml examples...
See more...
Hi I would like to integrate a viz like below in my dashboard But i wonder what is used to integrate a chart in a table row What kind of vizualisation is really used? Is anybody have xml examples? Thanks
- Tags:
- other
10-05-2023
10:29 PM
time range :last onemonth
10-05-2023
10:28 PM
@ahhloy - The append command does not combine the results, it generates two different results and append. To combine it you need to use the stats command after append. See the last line in the answer...
See more...
@ahhloy - The append command does not combine the results, it generates two different results and append. To combine it you need to use the stats command after append. See the last line in the answer from @richgalloway
10-05-2023
10:13 PM
Thanks No sys admin unfortunately So im going to try to correct it...
10-05-2023
09:57 PM
This? - Update your field names as necessary search events
| timechart sum(number_of_widgets) as widget_count sum(creation_time) as creation_time
10-05-2023
09:55 PM
Created test user and assign the viwer role, test user won't be see the settings option and manage app settings option , aHow to hide both settings? Please help me detailed process. Vijreddy
Labels
- Labels:
-
authentication
-
permissions
10-05-2023
09:48 PM
I have created test user and assigned to viwer role, my requirements is to hide the settings & manage setting options,,test user not able to see the above options. Please help me detailed pr...
See more...
I have created test user and assigned to viwer role, my requirements is to hide the settings & manage setting options,,test user not able to see the above options. Please help me detailed process. Regards, Vijay
Labels
- Labels:
-
permissions
10-05-2023
09:23 PM
Have a log with related event One event has the number widgets made in the period and another event has the actual time taken to make the widgets in that period. i can do a search and get a time ...
See more...
Have a log with related event One event has the number widgets made in the period and another event has the actual time taken to make the widgets in that period. i can do a search and get a time chart of number of widgets and time used . But, what I want is a timechart of the actualtime/number of widgets made.. How do i construct a search to do that.
10-05-2023
08:40 PM
You can't use regex in a search command but could do this search ...
| where match(user, "^[A-L]") which will filter only users starting with A-L or this search...
[| makeresults
...
See more...
You can't use regex in a search command but could do this search ...
| where match(user, "^[A-L]") which will filter only users starting with A-L or this search...
[| makeresults
| fields - _time
| eval user=split("ABCDEFGHIJKL","")
| mvexpand user
| eval user=user."*" ] which uses a subsearch which effectively turns the search into search ((user=A* OR user=B* OR user=C*...))
10-05-2023
08:16 PM
Hi All.. how can I search a range of characters in splunk.. example I want to search name of people whose name starts with A-L but not M-Z user = [A*-Z*] , can I have something like this ?
Labels
- Labels:
-
chart
-
field extraction
-
rex
-
stats
10-05-2023
08:06 PM
Hi everyone, I tried combining two REST command by using append. However it does not work. The first rest command , I would need to get info on who is the Search Head captain, and the 2nd rest comma...
See more...
Hi everyone, I tried combining two REST command by using append. However it does not work. The first rest command , I would need to get info on who is the Search Head captain, and the 2nd rest command I would need to get the bundle replication file size from the search head captain to display the bundle size. Hope some one can assist. Thank you. | rest splunk_server=local /services/shcluster/captain/info | fields Captain | rename label as Captain | append [ rest splunk_server=Captain /services/search/distributed/bundle-replication-files ] | eval timestamp=strftime(timestamp,"%m/%d/%y %H:%M:%S") | eval size=size/1024/1024/1024 | table filename timestamp size
10-05-2023
05:54 PM
What is your time range for both searches?
10-05-2023
05:53 PM
Thanks for the reply! I confirmed that there is a Trigger in the Alert Settings screen. However, this case is about setting up a Report to perform an action based on the search results. The configur...
See more...
Thanks for the reply! I confirmed that there is a Trigger in the Alert Settings screen. However, this case is about setting up a Report to perform an action based on the search results. The configuration item you told me was not present in the Report Schedule Settings. After doing some research on my own, I found that the item alert.digest_mode in savedsearches.conf may correspond to this, so I will try changing this setting.
10-05-2023
05:14 PM
then you should invent the timemachine, get the results, go back in time and update the results inside the event itself. <bootstrap paradox>
10-05-2023
05:12 PM
1 Karma
Without seeing how you assign the tokens, it's hard to say why they are not showing anything, but you have to assign the click names and values in the <drilldown> section - these will not show any va...
See more...
Without seeing how you assign the tokens, it's hard to say why they are not showing anything, but you have to assign the click names and values in the <drilldown> section - these will not show any value outside that, so this will never work. <b>$$clickname$$</b>: $click.name$<br/>
<b>$$clickvalue$$</b>: $click.value$<br/>
<b>$$clickname2$$</b>: $click.name2$<br/>
<b>$$clickvalue2$$</b>: $click.value2$<br/> Here is a working example of a <row> that shows you how it works <row>
<panel>
<chart>
<search>
<query>index=_audit
| chart count over user by action</query>
<earliest>-4h@m</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">stacked</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<drilldown>
<set token="user">$row.user$</set>
<set token="CV">$click.value$</set>
<set token="CN">$click.name$</set>
<set token="CV2">$click.value2$</set>
<set token="CN2">$click.name2$</set>
</drilldown>
</chart>
<html depends="$CV$">
<h2>CV=$CV$</h2>
<h2>CN=$CN$</h2>
<h2>CV2=$CV2$</h2>
<h2>CN2=$CN2$</h2>
<h2>User=$user$</h2>
</html>
</panel>
</row>
10-05-2023
05:04 PM
I need these times in the event itself
10-05-2023
05:02 PM
Please run that scheduled search query and then check the "inspect job".. you will get more than you wanted. thanks.
10-05-2023
05:01 PM
If your problem is resolved, then please click the "Accept as Solution" button to help future readers.
10-05-2023
04:19 PM
For each result alert.digest_mode = 0 or false Once alert.digest_mode = 1 or true
