Hi I need to press a button on a dashboard and for it to trigger a .sh script in my APP. However when I load the page it run the script before I press the button   <dashboard script="run_action.js"> <label>Test Action</label> <row> <panel> <html> <button class="btn btn-primary button1">Run search!</button> </html> </panel> </row> </dashboard>     /data/apps/splunk/splunk/etc/apps/MxMonitor_MONITORING_MVP_BETA/appserver/static/run_action.js     require([ "jquery", "splunkjs/mvc/searchmanager", "splunkjs/mvc/simplexml/ready!" ], function( $, SearchManager ) { var mysearch = new SearchManager({ id: "mysearch", autostart: "false", search: "| runshellscript Test_Script123.sh 1 1 1 1 1 1 1 1" }); $(".button1").on("click", function (){ var ok = confirm("Are you sure?"); if (ok){ mysearch.startSearch(); alert('attempted restart!'); } //else { // alert('user did not click ok!'); //} }); });       

We have  the Alfresco Application as a SaaS Application, we can get the logs through the Alfresco APis. Would like to know how can i have it ingested in to Splunk Cloud ..? I think there was an App, which is end of life, is there a way to get the logs to Splunk cloud..? through Heavy forwarders or other Add ons .   

Greetings, I want to exclude search results if a field contains a value compared against another field with additional text added.  So it would look something like this: Field1=value Field2=Field1+[text] Field3=[value2] Exclude results where Field2=Field1+[text] and Field3=[value2] Can anyone tell me what the syntax in Splunk would be?  Thanks.

Bonjour, J'ai activé le heavy forwarder sur mon Splunk server (8.0.6) afin de pouvoir forwarder des logs vers un serveur tiers avec qradar. Nous avons identifié 4 sourcetypes pour lesquels forwarder les logs (on ne veut pas tout forwarder). Or il apparaît que la machine cible reçoit toutes les logs. Je pensais que ma conf du outputs.conf ferait en sorte que seules les logs correspondants à ces sourcetypes seraient forwardées. Voici le contenu de mon fichier tcpouts.conf : [syslog] defaultGroup=syslogGroup [syslog:syslogGroup] server = 192.168.152.68:514 [syslog:192.168.152.68:514] syslogSourceType = f5:bigip:syslog syslogSourceType = bluecoat:proxysg:access:syslog syslogSourceType = FO_apache syslogSourceType = backbone_in   Quelqu'un saurait comment filtrer pour ne forwarder que les logs de ces 4 sourcetypes ? Merci,

Hello there,  I have a question, i'm trying to import a custom SVG map in cloropleth map visualisation in dashboard studio. I had a problem with a classic svg map, a map of france : The svg files contains elements like <g> parts, which seems to not work with dashboard studio, i had to edit directly the .svg file and delete the <g> everywhere. And also had to add "name=", "stroke-width=" "stroke=" and "fill=" in every <path>, without them, the visualisation wasn't working. I wonder if there is a specific version / format of SVG files to use with dashboard studios ? Even import the map in InkScape and exporting like in the example ( documentation : https://www.splunk.com/en_us/blog/platform/painting-with-data-choropleth-svg.html ) didn't worked.   The map of France i used ( before editing it ) : https://upload.wikimedia.org/wikipedia/commons/b/b6/D%C3%A9partements_de_France-simple.svg Best regards, 

Hi All I'm plotting a timechart graph when i run the search it shows the graph all fine as expected [see attached capture_1] however when i embed the graph in a dashboard as a panel it truncates the data [see attached capture_2]  As you see in capture 2 its showing a dip at the start when i embed this in dashboard panel whereas that dip is not actually there in the capture 1  any suggestions for this  capture 1 Capture _2    

Hi, I want to see my data in the ES dashboard Security Domains -> Endpoint -> Endpoint Changes. I created the following things: props.conf with CIM compliant field aliases. eventtypes.conf [MyEventType] search = index=MyIndex sourcetype=MySourcetype   tags.conf [eventtype=MyEventType] change=enabled endpoint=enabled I can successfully search the events with tag=change and tag=endpoint. I can also successfully search the data with the data model constraint (`cim_Change_indexes`) tag=change NOT (object_category=file OR object_category=directory OR object_category=registry) tag=endpoint. However, the dashboard stays empty. When I manually execute one of the dashboard searches | `tstats` append=T count from datamodel=Change.All_Changes where nodename="All_Changes.Endpoint_Changes" I get not results. When I change nodename="All_Changes.Endpoint_Changes"  to nodename="All_Changes" I see my events. So the question is, what do I need to do to get my events in the node All_Changes.Endpoint_Changes?  

Hey there Splunk hero's, Story/Background: So, there is this variable called "src_ip" in my correlation search. The "src_ip" is a more than 5000+ ip address. What i am doing is matching these ip address which should not be in a particular CIDR range using cidrmatch function which works prefectly. Which looks something like this : | where (NOT cidrmatch("34.20.223.128/25",src_ip) AND NOT cidrmatch("13.9.22.0/25",src_ip) AND NOT cidrmatch("13.56.21.18/25",src_ip) AND NOT cidrmatch("35.17.29.0/26",src_ip) AND NOT(many-more,src_ip))   SOLUTION REQUIRED: Now, coming to the part where i need your help is . I want to simply this. SOLUTION Tried: PART 1: Solutions which i have searched over the forum tell me to create a lookup table and look through it. So, I have created a lookup table named "match_cidr.csv". This csv/lookup file consist of more that 100+ CIDR blocks under a variable called cidr_match_src_ip. What i have tried looking into this via this command. there is a tstat command as well so, Query looks like this  [ | inputlookup match_cidr.csv | where src_ip != cidr_match_src_ip] ===> this won't work since i am comparing a CIDR to IP address directly. where NOT cidrmatch([| inputlookup match_cidr.csv], src) ==> tried this as well   What can i use here or what other things can you recommend me to do. Feel free to ask any more question to me if my message isn't clear      

Hi, Current piechart In the above piechart highlighted cities details are not displaying.have to use mouse over to check the details. Please let me know how to get hided values also in piechart.   Regards, Madhusri R