Try something like this:
<html>
<style>
#hide_number_distribution .highcharts-data-label text {
  display: none !important;
}
#hide_number_distribution .highcharts-series-0 .highcharts-data-label text {
  display: block !important;
}
#hide_number_distribution .highcharts-series-0 path,
#hide_number_distribution .highcharts-legend .highcharts-series-0 text {
  display: none !important;
}
</style>
</html>
Have you seen https://github.com/splunk/splunk-ansible ? There are some good docs and examples within the repo that you can use to get started! I hope this helps! Will
In my dashboard, when one of the dropdowns is changed I need to reset the value in the other dropdowns to the default value (*); this can easily be done using the <change> function so no issues there. The problem arises when the user clicks a link to the dashboard with pre-populated parameters for the dropdowns (user is taken to a specific state of the dropdowns). The loading of the dashboard with the incoming HTTP parameters for the dropdowns also triggers the <change> to happen, thus resetting all of the selected dropdowns.

My question is, how can I prevent the <change> from triggering on the Initial Load of the Dashboard? Once the Dashboard has been loaded I want the <change> to trigger when the user changes certain dropdowns.

I tried the following approach. In the dropdown for which I want to prevent the <change> from triggering, a condition was added to check that the Token $FirstLoad$ is set to "Done".

<change>
  <condition match="tostring($FirstLoad$) == &quot;Done&quot;">
    <set token="form.PipelineName">*</set>
    <set token="form.LabelName">*</set>
  </condition>
</change>

In the heaviest Search I set a Token when completed (Done):

<done>
  <set token="FirstLoad">Done</set>
</done>

The thinking for the above was that since on Initial Load the $FirstLoad$ Token will not initially be set, which should prevent the <change> from triggering, but as soon as the $FirstLoad$ Token is updated to "Done", the <change> is triggered. Very frustrating. Anyways, maybe I am missing something simple? Any ideas are appreciated.
Hi @danielbb , there are many ProofPoint modules and many ways to take logs (syslogs, scripts, etc...) see here to be guided: https://www.proofpoint.com/us/partners/splunk Ciao. Giuseppe
Looking at Splunk base, and there are quite a lot of Proofpoint apps/TAs, which one should I install in order to connect to the Proofpoint endpoint and receive the data?
I think that app was removed for 9.3. What is confusing is that you said this was a new build as opposed to an upgrade - maybe you are pushing it and it shouldn't be there? https://docs.splunk.com/Documentation/SecureGateway/3.5.15/ReleaseNotes/Releasenotes
Easy-peasy
index=_internal host=* component=Metrics name=thruput earliest=-24h
| stats sum(total_k_processed) as "total data transfer" by host
```Convert KB to GB```
| eval "total data transfer" = 'total data transfer'/1024/1024
I am troubleshooting an API failure for a Splunk SOAR app. I found that the response code and details of the API are written to the system via the save_progress method under the BaseConnector class. But I can't find those logs in the actiond log file. Could you guide me if those were somewhere else so that I can find them?
On a new install of Splunk Enterprise 9.4.0 on the intended Deployment Server

Settings ==> Forwarding Management

We get the following:

Forwarder Management unavailable
There is an error in your serverclass.conf which is preventing deployment server from initializing. Please see your serverclass.conf.spe file for more information.

This is the first time that I've seen this in the years that I've been Splunking and the only serverclass.conf file is from the installation in $SPLUNK_HOME/etc/system/default.

What am I missing? Help, please
Hi @anlePRH, you could try something like this (to adapt to your requirement):
index=source sourcetype="source"
| eval type=if(_time>now()-86400,"Today","Last30days")
| chart count OVER SourceIP BY type
Ciao. Giuseppe
Hi all

Trying to work on something which currently shows a bunch of IP hits and counts against it, the current output is the last 2 hours

Query:
index=source sourcetype="source"
| stats count values(Hostname) by SourceIP
| sort by -count
| rename "count" to "Total count", "values(Hostname)" to "Hosts"

Output:
IP               Count
100.100.100.100  5

I want to add a new column called "Last30days" that looks at the IP address found in column 1 and a count search for the last 30 days, so like above but another column for the last 30days, final output below.

IP               Count  Last30days
100.100.100.100  1      10

Tried various variations but can't get it to work
Only one attention point: don't use only one HF to concentrate logs, because in this way you have a Single Point of Failure. So, in this case, how can we make it redundant?
Hi everyone. I need to modify this bar chart in order to hide the overlay lay and display the overlay values. Also need to remove the "Total" value from the legend.

This is my CSS configuration that doesn't work:

<row>
  <panel depends="$css$">
    <title>CSS</title>
    <html>
      <style/>
        <!-- hide numbers on the chart -->
        #hide_number_distribution .highcharts-data-label text tspan { visibility:hidden; }
        <!-- show numbers for "Total" -->
        #hide_number_distribution .highcharts-series-0 .highcharts-data-label text tspan { visibility:visible !important; }
        <!-- hide line for "Total" -->
        #hide_number_distribution .highcharts-series-0.highcharts-line-series path { visibility:hidden !important; }
        <!-- hide "Total" from the legend -->
        #hide_number_distribution .highcharts-legend-item .highcharts-line-series .highcharts-color-undefined .highcharts-series-0 { visibility:hidden !important; }
      </style>
    </html>
  </panel>
</row>

The id "hide_number_distribution" is on the panel (not on the chart) and the dataLabels option for the chart is:

<option name="charting.chart.showDataLabels">none</option>

Can anyone help me to understand why this does not work and fix it? Thanks in advance