hi I use a timechart which is linked to a "today" token time  On the x axis, I need only to display events between 7h and 19h I tried this but the x axis go to 0.00h from the current time How to do for the x axis begin only a 7h00? thanks   index=toto | eval local_time=strftime('_time', "%H%M") | search local_time >="0700" AND local_time <="1900" | timechart span=15min dc(s) as user by type    

Hi I use this CSS code in order to enlarge the size of the data values in the bars chart Now I also need to enlarge the x and the y axis label size How to do this please? <style> #myHighChart g.highcharts-data-label text { fill: white !important; font-weight: bold !important; font-size: 20px !important; } </style>  

Hi, I am unable to create a simple alert using the following documentation.  As per documentation, the required parameters are Search and name. Following code is written in Javascript Here is my request: const data = { "alert_comparator": "equal to", "alert_threshold": "0", "alert_type": "number of events", "cron_schedule": "*/1 * * * *", "search": "index%3D%22global-events-qa%22%20functionName%3D%22correspondence-service%22", "name": "Simple alert" } const response = await axios.post(' https://app.splunkcloud.com:8089/services/saved/searches', data,{ headers: { ...(await getAuth({region: 'ap-southeast-2'}))} }); Here is the error:  Cannot perform action "POST" without a target name to act on. Documentation Link: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch?_ga=2.62077416.557388192.1646109950-663789425.1628561939#saved.2Fsearches It will be really great if you could share some working examples somewhere in your documentation.  Thanks in advance!

Hi There, I have got some results in after running the below command my search |  | bucket _time span=1h | stats count by _time http_status | eventstats sum(count) as totalCount by _time | eval percent=round((count/totalCount),3)*100 | fields - count - totalCount Output is as follows time                                      status                    percent 2022-03-02 05:30:00 100 10.0 2022-03-02 05:30:00 200 30.0 2022-03-02 05:30:00 300 60.0 2022-03-02 06:30:00 100 30.0 2022-03-02 06:30:00 200 60.0 2022-03-02 07:30:00 300 10.0 2022-03-02 07:30:00 100 20.0 2022-03-02 07:30:00 200 30.0 2022-03-02 06:30:00 300 50.0   I am trying to transpose the output as below : time                                     100                        200     300  2022-03-02 05:30:00 10.0 30.0 60.0 2022-03-02 06:30:00 30.0 60.0 10.0 2022-03-02 07:30:00 20.0 30.0 50.0   please assist

Hi All,  Have searched for many months and unable to locate what i need. something i believe should be so simple is alluding me..looking for some help on this.  I am trying to change the colour of a bar / column chart to represent a different colour per the size of the shop and showing how many alarm incidents they have had. Visually this should allow me to see a comparison of alerts across my Large shops / my Small Shops by looking at a color only and not having to remember each shops size. ie all green shops are small.  My test table is as followed : On my Graph i would like for the Size of the Shop to be color coded - Large - blue, Medium-yellow, Small-green ( the color of the 3 sizes i am not fussy on) .  Shop Size TypeReport NoEvents A Large FrontAlarm 76 A Large BackAlarm 115 B Small FrontAlarm 37 B Small BackAlarm 132 C Medium FrontAlarm 81 C Medium BackAlarm 39 D Large FrontAlarm 159 D Large BackAlarm 110 E Small FrontAlarm 26 E Small BackAlarm 71 F Medium FrontAlarm 113 F Medium BackAlarm 49   I have tried several Evals but just do not see to be able to get this right. I have tried to follow several answers within the splunk community on this topic, but due to the answers evaluating time - its throwing me out and thus losing that last piece to the puzzle - i have been trying things such as -  | inputlookup Testcolor.csv | search TypeReport="FrontAlarm" | stats count by NoEvents | eval {NoEvents}=count | fields - count and changing the source with the below but still no luck.  <option name="charting.fieldColors">{"A":#32a838,"B":#006D9C,"C":#006D9C,"D":#32a838,"E":#006D9C,"F":#006D9 }</option> To even trying  | inputlookup Testcolor.csv | search TypeReport="FrontAlarm" | stats count by NoEvents | eval Shop="A, B, C, D, E, F" | makemv Shop delim="," | mvexpand Shop | eval count=NoEvents | table Shop count | eval {Shop}=count | fields - count   The above Seemed to get me close but no cigar. I have another 6 weeks before i really need to figure this out, any help would be appreciated.  ( Id also prefer to build this in dashboard studio if that does help my problem - i am also only using static data so times are pulled in)  Cheers    

If I do an index search, raw events are listed in reverse _time order, which is often also the reverse _indextime order so I don't exactly know which.  But if I table the results, the table is no longer in this order.  Why is it so? I used the following to inspect table   sourcetype=sometype | eval indextime=strftime(_indextime, "%F %T") | table _time indextime   The table kind of list later entries first, but not consistent, often swapped by hours.

Hello all, I have a simple dashboard with a dropdown under the title. When I add styles into the title, the dropdown input element interferes with that and the full hight of the title panel is not visible.  This is my current inline style content. I want to display the full hight of my title panel. Can anyone help?     <label>Endpoint Configurations Summary Dashboard</label> <row depends="$alwaysHideCSSPanel$"> <panel> <html> <style> .dashboard-panel h2{ background:#6495ED !important; color:white !important; text-align: center !important; font-weight: bold !important; border-top-right-radius: 15px; border-top-left-radius: 15px; } .highcharts-background { fill: #ffffff !important; } .highcharts-grid-line{ fill: #ffffff !important; } h1 { background:#6495ED !important; color:white !important; text-align: center !important; font-weight: bold !important; border-top-right-radius: 15px; border-top-left-radius: 15px; } h2, h3, p { color: #696969 !important; text-align: center !important; } </style> </html> </panel> </row>