Activity Feed
- Got Karma for Re: "bucket _time span=..." has no affect on search results. 09-27-2023 08:57 AM
- Got Karma for Re: Why am I getting this error? - "Error in 'outputlookup' command: The lookup table 'Permission denied for collection 'mycollection'' is invalid.". 09-21-2023 01:07 AM
- Got Karma for Re: How do I access my local Splunk enterprise instance from another local computer on my network?. 02-04-2023 10:55 PM
- Got Karma for Re: Making a chart and I want to change columns header names from Windows eventlog EventCodes to something readable. 01-19-2022 02:53 PM
- Got Karma for Re: how to sort() version values.. 12-17-2020 06:03 AM
- Posted Re: How do I access my local Splunk enterprise instance from another local computer on my network? on Security. 12-13-2020 12:42 PM
- Posted Re: how to sort() version values. on Splunk Search. 12-13-2020 11:55 AM
- Got Karma for Re: Is it possible to create an alert that depends on another alert to be triggered?. 09-18-2020 08:16 AM
- Got Karma for Re: How to combine two values from separate searches to get an average?. 06-05-2020 12:47 AM
- Got Karma for Re: Starting Splunk Enterprise. 06-05-2020 12:47 AM
- Got Karma for Re: I have created an alert and setup email for it but its not working. 06-05-2020 12:47 AM
- Got Karma for Re: No Visualisation although enough values. 06-05-2020 12:47 AM
- Got Karma for Re: Making a chart and I want to change columns header names from Windows eventlog EventCodes to something readable. 06-05-2020 12:47 AM
- Got Karma for Re: Making a chart and I want to change columns header names from Windows eventlog EventCodes to something readable. 06-05-2020 12:47 AM
- Got Karma for Re: How to display the average of the week as a straight line overlay in a timechart?. 06-05-2020 12:47 AM
- Got Karma for Re: How to display the average of the week as a straight line overlay in a timechart?. 06-05-2020 12:47 AM
- Got Karma for Re: How to display the average of the week as a straight line overlay in a timechart?. 06-05-2020 12:47 AM
- Got Karma for Re: How to calculate percentage and display this on a timechart?. 06-05-2020 12:47 AM
- Got Karma for Re: How to edit my search to output results to separate rows based on multiple values?. 06-05-2020 12:47 AM
- Got Karma for Re: how to generate error count report. 06-05-2020 12:47 AM
Topics I've Started
No posts to display.
04-06-2015
03:28 AM
1 Karma
Hello! I know there is several ways to do that, but i will use Event Types to help you attain your objective. Here is the algorithm.
launch your first search and save it as an Event Type. For example, if your first search is the one bellow, you can give your Event Type the name error sent back from database
"Error sent back from database" StatusCode NOT 00051 earliest=2/1/2015:0:0:0 latest=3/1/2015:0:0:0
launch the second search and do the same. Let suppose you saved it as not a valid reques object from query Event Type
Type this search: eventtype="error sent from database" OR eventtype="not a valid reques object from query"|stats count as Total by eventtype|rename eventtype AS "Error Type"
... View more
04-05-2015
02:22 PM
Hello! I think you can just remove the app folder in $SPLUN_KHOME/etc/apps , and restart splunk.
you can use the CIL to remove it, il necessary.
... View more
04-04-2015
02:14 AM
Take a look at this : index=_internal sourcetype=*| bucket span=24h _time| eval day_month=strftime(_time, "%d/%b")|chart count by day_month
... View more
04-03-2015
10:40 PM
6 Karma
Hello! your js and css files remain where they were befor you generated the Html view: $SPLUNK_HOME/etc/apps/-appname-/appserver/static. Except the html file which is automatically created into: $SPLUNK_HOME/etc/apps/-appname-/local/data/ui/html/ folder.
Take a look at the example bellow and notice how my table_cell_highlighting.css and table_cell_highlighting.js are called (at the top , and at the end of the html file respectively) in my table_cell_highlithtn_html.html.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>Table Cell Highlighting HTML | Splunk</title>
<link rel="shortcut icon" href="{{SPLUNKWEB_URL_PREFIX}}/static/img/favicon.ico" />
<link rel="stylesheet" type="text/css" href="{{SPLUNKWEB_URL_PREFIX}}/static/css/build/bootstrap.min.css" />
<link rel="stylesheet" type="text/css" media="all" href="{{SPLUNKWEB_URL_PREFIX}}/static/css/build/pages/dashboard-simple-bootstrap.min.css" />
<link rel="stylesheet" type="text/css" media="all" href="{{SPLUNKWEB_URL_PREFIX}}/static/app/stephane_app/table_cell_highlighting.css" />
<!--[if IE 7]><link rel="stylesheet" href="{{SPLUNKWEB_URL_PREFIX}}/static/css/sprites-ie7.css" /><![endif]-->
</head>
<body class="simplexml preload locale-en">
<!--
BEGIN LAYOUT
This section contains the layout for the dashboard. Splunk uses proprietary
styles in <div> tags, similar to Bootstrap's grid system.
-->
<a class="navSkip" href="#navSkip" tabindex="1">Screen reader users, click here to skip the navigation bar</a>
<div class="header">
<div id="placeholder-splunk-bar">
<a href="{{SPLUNKWEB_URL_PREFIX}}/app/launcher/home" class="brand" title="splunk > listen to your data">splunk<strong>></strong></a>
</div>
<div id="placeholder-app-bar"></div>
</div>
<a id="navSkip"></a>
<div class="dashboard-body container-fluid main-section-body" data-role="main">
<div class="dashboard-header clearfix">
<h2>Table Cell Highlighting HTML</h2>
</div>
<div class="fieldset">
<div class="input input-timerangepicker" id="field1">
<label>Select a time:</label>
</div>
<div class="input input-dropdown" id="field2">
<label>index</label>
</div>
</div>
<div class="dashboard-row dashboard-row1">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel clearfix">
<div class="panel-element-row">
<div class="dashboard-element table" id="highlight" style="width: 100%">
<div class="panel-head">
<h3>Table of Count Sourcetypes Between $time_range.earliest$ and $time_range.latest$ for index= $index$</h3>
</div>
<div class="panel-body"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="footer"></div>
<!--
END LAYOUT
-->
<script src="{{SPLUNKWEB_URL_PREFIX}}/config?autoload=1"></script>
<script src="{{SPLUNKWEB_URL_PREFIX}}/static/js/i18n.js"></script>
<script src="{{SPLUNKWEB_URL_PREFIX}}/i18ncatalog?autoload=1"></script>
<script src="{{SPLUNKWEB_URL_PREFIX}}/static/js/build/simplexml.min/config.js"></script>
<script type="text/javascript">
require.config({
baseUrl: "{{SPLUNKWEB_URL_PREFIX}}/static/js",
waitSeconds: 0 // Disable require.js load timeout
});
//
// LIBRARY REQUIREMENTS
//
// In the require function, we include the necessary libraries and modules for
// the HTML dashboard. Then, we pass variable names for these libraries and
// modules as function parameters, in order.
//
// When you add libraries or modules, remember to retain this mapping order
// between the library or module and its function parameter. You can do this by
// adding to the end of these lists, as shown in the commented examples below.
require([
"splunkjs/mvc",
"splunkjs/mvc/utils",
"splunkjs/mvc/tokenutils",
"underscore",
"jquery",
"splunkjs/mvc/simplexml",
"splunkjs/mvc/headerview",
"splunkjs/mvc/footerview",
"splunkjs/mvc/simplexml/dashboardview",
"splunkjs/mvc/simplexml/element/chart",
"splunkjs/mvc/simplexml/element/event",
"splunkjs/mvc/simplexml/element/html",
"splunkjs/mvc/simplexml/element/list",
"splunkjs/mvc/simplexml/element/map",
"splunkjs/mvc/simplexml/element/single",
"splunkjs/mvc/simplexml/element/table",
"splunkjs/mvc/simpleform/formutils",
"splunkjs/mvc/simpleform/input/dropdown",
"splunkjs/mvc/simpleform/input/radiogroup",
"splunkjs/mvc/simpleform/input/multiselect",
"splunkjs/mvc/simpleform/input/checkboxgroup",
"splunkjs/mvc/simpleform/input/text",
"splunkjs/mvc/simpleform/input/timerange",
"splunkjs/mvc/simpleform/input/submit",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/savedsearchmanager",
"splunkjs/mvc/postprocessmanager",
"splunkjs/mvc/simplexml/urltokenmodel"
// Add comma-separated libraries and modules manually here, for example:
// ..."splunkjs/mvc/simplexml/urltokenmodel",
// "splunkjs/mvc/checkboxview"
],
function(
mvc,
utils,
TokenUtils,
_,
$,
DashboardController,
HeaderView,
FooterView,
Dashboard,
ChartElement,
EventElement,
HtmlElement,
ListElement,
MapElement,
SingleElement,
TableElement,
FormUtils,
DropdownInput,
RadioGroupInput,
MultiSelectInput,
CheckboxGroupInput,
TextInput,
TimeRangeInput,
SubmitButton,
SearchManager,
SavedSearchManager,
PostProcessManager,
UrlTokenModel
// Add comma-separated parameter names here, for example:
// ...UrlTokenModel,
// CheckboxView
) {
var pageLoading = true;
//
// TOKENS
//
// Create token namespaces
var urlTokenModel = new UrlTokenModel();
mvc.Components.registerInstance('url', urlTokenModel);
var defaultTokenModel = mvc.Components.getInstance('default', {create: true});
var submittedTokenModel = mvc.Components.getInstance('submitted', {create: true});
urlTokenModel.on('url:navigate', function() {
defaultTokenModel.set(urlTokenModel.toJSON());
if (!_.isEmpty(urlTokenModel.toJSON()) && !_.all(urlTokenModel.toJSON(), _.isUndefined)) {
submitTokens();
} else {
submittedTokenModel.clear();
}
});
// Initialize tokens
defaultTokenModel.set(urlTokenModel.toJSON());
function submitTokens() {
// Copy the contents of the defaultTokenModel to the submittedTokenModel and urlTokenModel
FormUtils.submitForm({ replaceState: pageLoading });
}
function setToken(name, value) {
defaultTokenModel.set(name, value);
submittedTokenModel.set(name, value);
}
function unsetToken(name) {
defaultTokenModel.unset(name);
submittedTokenModel.unset(name);
}
//
// SEARCH MANAGERS
//
var search1 = new SearchManager({
"id": "search1",
"latest_time": "$time_range.latest$",
"earliest_time": "$time_range.earliest$",
"status_buckets": 0,
"cancelOnUnload": true,
"search": "index=$index$ OR index=_$index$ | stats count as total_count by sourcetype",
"app": utils.getCurrentApp(),
"auto_cancel": 90,
"preview": true,
"runWhenTimeIsUndefined": false
}, {tokens: true, tokenNamespace: "submitted"});
//
// SPLUNK HEADER AND FOOTER
//
new HeaderView({
id: 'header',
section: 'dashboards',
el: $('.header'),
acceleratedAppNav: true,
useSessionStorageCache: true
}, {tokens: true}).render();
new FooterView({
id: 'footer',
el: $('.footer')
}, {tokens: true}).render();
//
// DASHBOARD EDITOR
//
new Dashboard({
id: 'dashboard',
el: $('.dashboard-body')
}, {tokens: true}).render();
//
// VIEWS: VISUALIZATION ELEMENTS
//
var highlight = new TableElement({
"id": "highlight",
"drilldown": "none",
"managerid": "search1",
"el": $('#highlight')
}, {tokens: true}).render();
//
// VIEWS: FORM INPUTS
//
var field1 = new TimeRangeInput({
"id": "field1",
"searchWhenChanged": true,
"default": {"latest_time": "now", "earliest_time": "0"},
"earliest_time": "$form.time_range.earliest$",
"latest_time": "$form.time_range.latest$",
"el": $('#field1')
}, {tokens: true}).render();
field1.on("change", function(newValue) {
FormUtils.handleValueChange(field1);
});
var field2 = new DropdownInput({
"id": "field2",
"choices": [
{"value": "*", "label": "All"}
],
"searchWhenChanged": true,
"labelField": "index",
"default": "*",
"selectFirstChoice": false,
"valueField": "index",
"value": "$form.index$",
"managerid": "search2",
"showClearButton": true,
"el": $('#field2')
}, {tokens: true}).render();
field2.on("change", function(newValue) {
FormUtils.handleValueChange(field2);
});
// Populating search for field 'field2'
var search2 = new SearchManager({
"id": "search2",
"earliest_time": "$earliest$",
"latest_time": "$latest$",
"status_buckets": 0,
"cancelOnUnload": true,
"search": "| eventcount summarize=false index=* OR index=_*",
"app": utils.getCurrentApp(),
"auto_cancel": 90,
"preview": true,
"runWhenTimeIsUndefined": false
}, {tokens: true});
// Initialize time tokens to default
if (!defaultTokenModel.has('earliest') && !defaultTokenModel.has('latest')) {
defaultTokenModel.set({ earliest: '0', latest: '' });
}
submitTokens();
//
// DASHBOARD READY
//
DashboardController.ready();
pageLoading = false;
}
);
</script>
<script src="{{SPLUNKWEB_URL_PREFIX}}/static/app/stephane_app/table_cell_highlighting.js" type="text/javascript"></script>
</body>
</html>
table_cell_highlighting.js
require([
'underscore',
'jquery',
'splunkjs/mvc',
'splunkjs/mvc/tableview',
'splunkjs/mvc/simplexml/ready!'
], function(_, $, mvc, TableView) {
// Row Coloring Example with custom, client-side range interpretation
var CustomRangeRenderer = TableView.BaseCellRenderer.extend({
canRender: function(cell) {
// Enable this custom cell renderer for both the active_hist_searches and the active_realtime_searches field
return _(['total_count', 'active_realtime_searches']).contains(cell.field);
},
render: function($td, cell) {
// Add a class to the cell based on the returned value
var value = parseFloat(cell.value);
// Apply interpretation for number of historical searches
if (cell.field === 'total_count') {
if (value > 400.00) {
$td.addClass('range-cell').addClass('range-severe');
}
else if (value > 100.00) {
$td.addClass('range-cell').addClass('range-elevated');
}
else if (value < 100.00) {
$td.addClass('range-cell').addClass('range-low');
}
}
// Apply interpretation for number of realtime searches
if (cell.field === 'active_realtime_searches') {
if (value > 1) {
$td.addClass('range-cell').addClass('range-severe');
}
}
// Update the cell content
$td.text(value.toFixed(2)).addClass('numeric');
}
});
mvc.Components.get('highlight').getVisualization(function(tableView) {
// Add custom cell renderer
tableView.table.addCellRenderer(new CustomRangeRenderer());
// tableView.on('rendered', function() {
// Apply class of the cells to the parent row in order to color the whole row
// tableView.$el.find('td.range-cell').each(function() {
// $(this).addClass(this.className);
// });
//});
// Force the table to re-render
tableView.table.render();
});
});
table_cell_highlighting.css
/* Cell Highlighting */
/*
#highlight td {
background-color: #c1ffc3 !important;
}
*/
#highlight td.range-low {
color: #C0D9D9;
}
#highlight td.range-elevated {
background-color: #ffc57a !important;
font-weight: bold;
color: blue;
}
#highlight td.range-severe {
background-color: #d59392 !important;
font-weight: bold;
color: yellow;
}
... View more
04-03-2015
03:19 PM
yes, it is possible. You can see the D3 chart overlay example in the splunk 6.x dashboard examples app.
... View more
03-30-2015
08:12 PM
1 Karma
Hi! i'm not sure that you can use a timechart command at that level with the stats command.You must change the stats command to eventstats, or Instead, use a chart like this.
| stats count as total count(eval(state="success")) as success by _time
| eval conversion=success/total
| chart values(conversion) by _time
And, if you still wish to use the span, use it like this:
| bucket span=30m _time | stats count as total count(eval(state="success")) as success by _time
| eval conversion=success/total
| chart values(conversion) by _time
or you can use your timechart with eventstats like this
| eventstats count as total count(eval(state="success")) as success
| eval conversion=success/total
| timechart span=30m count by conversion
... View more
03-30-2015
06:28 PM
3 Karma
Hi! for the command to use, i think you can use this:
index=msh host="prod*" sourcetype=Message | timechart span=4s avg(Message_DURATION_SMSC) AS ms|join [search index=msh host="prod*" sourcetype=Message | timechart span=7d avg(Message_DURATION_SMSC) AS mweek]
here is an example you can use as a template, for your chart overlay. it is using the _internal index. Just copy and test the code.
<dashboard>
<label>Chart Overlay</label>
<description>display the average of the week as a straight line overlay in a timechart</description>
<row>
<panel>
<chart>
<search>
<query>index=_internal sourcetype=splunkd |timechart span=4s avg(active_hist_searches) AS AverageSearch_per_second|join [search index=_internal sourcetype=splunkd |timechart span=7d avg(active_hist_searches) AS AverageSearch_per_week]</query>
<earliest>@d</earliest>
<latest>now</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">true</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.chart.overlayFields">AverageSearch_per_week</option>
</chart>
</panel>
</row>
</dashboard>
... View more
03-30-2015
05:56 PM
1 Karma
with the join command, test this: index=test field1=abc field2=xyc | stats dc(field3) as Devices|join [search index=test field1=abc field2=xyc (field6=1111 OR field6=2222)|stats dc(field4) as Connections] | eval Average=Connections/Devices
here is an example in the _internal index, that you can take as a template.
index=_internal source=*metrics.log group=search_concurrency|stats dc(active_hist_searches) as ActiveHitSearch|join [search index=_internal source=*metrics.log group=search_concurrency (component=Metrics OR component=view)|stats dc(active_realtime_searches) as ActiveRealtimeSearch] |eval average=ActiveHitSearch/ActiveRealtimeSearch
... View more
03-30-2015
01:52 AM
Means the sample data you gave bellow is a single event? if not, can you give a sample data, where we can see an event with several values of val?
... View more
03-29-2015
07:21 PM
Hello! just try this: sourcetype="myprogram" host="myserver" | regex _raw= "(Unable|Error).*? (SITE1|SITE2):\d+"| timechart count . hope it could help.
... View more
03-29-2015
03:46 PM
Here is an example where i count sourcetypes by Minutes in the _internal index. Take a look at it: index=_internal sourcetype=*| eval minutes=strftime(_time, "%M")|chart count by minutes |head 20
... View more
03-26-2015
06:39 PM
Try this:
source=abcd.csv| bucket span=7d _time| eval week_month=strftime(_time, "%d/%m")|chart count by week_month|replace */01 with */january in week_month|replace */02 with */February in week_month|replace */03 with */martch in week_month ............................
or : source=abcd.csv| bucket span=7d _time| eval week_month=strftime(_time, "%d/%b")|chart count by week_month
here is an example you can take as a template with the _internal index:
index=_internal sourcetype=*|bucket span=7d _time| eval w_month=strftime(_time, "%d/%m")|chart count by w_month|replace */01 with */january in w_month|replace */02 with */February in w_month|replace */03 with */martch in w_month|replace */04 with */April in w_month
or more simply : index=_internal sourcetype=*|bucket span=7d _time| eval w_month=strftime(_time, "%d/%b")|chart count by w_month
... View more
03-26-2015
03:01 PM
Hi ! try this index="badge" address=* |eval month=strftime(_time, "%m")|chart count by month,address|replace 01 with January in month|replace 02 with February in month|replace 03 with Martch in month|replace 04 with April in month|replace ............
here is one example you can use with your _internal index, sourcetype as your address. test it and let me know
index=_internal sourcetype=*| eval month=strftime(_time, "%m")|chart count by month,sourcetype|replace 01 with January in month|replace 02 with February in month|replace 03 with Martch in month|replace 04 with April in month
... View more
03-26-2015
12:49 PM
1 Karma
I think your query need parenthesis. try this:
index=1_Scheibenkleben sourcetype=1_Scheibenkleben_csv (Raumtemperatur=* OR Scheibentemperatur=*)|chart list(Raumtemperatur) as RT, list(Scheibentemperatur) as ST over _time span=1d
... View more
03-26-2015
08:44 AM
Yes it is possible, but you could do it before the indexing-time of the data pipeline, since override a sourcetype occurs at parse-time.
I hope this could help you. http://docs.splunk.com/Documentation/Splunk/6.2.2/Data/Advancedsourcetypeoverrides
... View more
03-26-2015
07:13 AM
Hello! Are you satisfy by the answer? if yes, don't forget to vote or accept it.
Thanks
... View more
03-26-2015
05:58 AM
2 Karma
Hello! you can attain your objective by simply assign for each table, his own js file. something like this
<dashboard script="table_icons_inline1.js,table_icons_inline2.js" stylesheet="table_decoration_icon.css">
<label>Table Icon Set (Inline)</label>
<row>
<table id="table1">
<title>Render Icons based on rangemap result</title>
<searchString>index=_internal | stats count by sourcetype,source,host</searchString>
<earliestTime>-1h</earliestTime>
<option name="drilldown">none</option>
</table>
</row>
<row>
<table id="table2">
<title>Render Icons based on rangemap result</title>
<searchString>index=_internal | stats count by sourcetype,source,host</searchString>
<earliestTime>-1h</earliestTime>
<option name="drilldown">none</option>
</table>
</row>
</dashboard>
Means, three tables == three js files. And each js file manage a single table. Something like this
mvc.Components.get('table1').getVisualization(function(tableView){
// Register custom cell renderer
tableView.table.addCellRenderer(new CustomIconRenderer());
// Force the table to re-render
tableView.table.render();
for the first table,
mvc.Components.get('table2').getVisualization(function(tableView){
// Register custom cell renderer
tableView.table.addCellRenderer(new CustomIconRenderer());
// Force the table to re-render
tableView.table.render();
for the second one, and so on
... View more
03-23-2015
05:06 AM
I don't know why, but i think it is working for me. See bellow my both codes, firstly using js and secondly using Django binding. just test it, it is working.
timerangePreset1.html
{% extends 'splunkdj:base_with_app_bar.html' %}
{% load splunkmvc %}
{% block title %}Splunk views (JavaScript){% endblock title %}
{% block css %}
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}{{app_name}}/custom.css" />
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}splunkjs/css/dashboard.css" />
{% endblock css %}
{% block content %}
<div class="dashboard-body container-fluid main-section-body">
<div class="row">
<div class="dashboard-header clearfix">
<p>This example shows how to set up a timerange using JavaScript. Tokens are used to keep the search controls in sync with the search manager.</p>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 20%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>TimeRange</h3>
</div>
<div class="panel-body">
<div id="mytimerangeview"></div>
</div>
</div>
</div>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>Table</h3>
</div>
<div class="panel-body">
<div id="mytable"></div>
</div>
</div>
</div>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>Chart</h3>
</div>
<div class="panel-body">
<div id="mychart"></div>
</div>
</div>
</div>
</div>
</div>
</div>
{% endblock content %}
{% block js %}
<script>
var deps = [
"splunkjs/ready!",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/chartview",
"splunkjs/mvc/tableview",
"splunkjs/mvc/timerangeview"
];
require(deps, function(mvc) {
// Load individual components
var SearchManager = require("splunkjs/mvc/searchmanager");
var ChartView = require("splunkjs/mvc/chartview");
var TableView = require("splunkjs/mvc/tableview");
var TimeRangeView = require("splunkjs/mvc/timerangeview");
// Create a stats search for chart ant Table examples
var mysearch = new SearchManager({
id: "example-search",
search: "index=_internal | head 1000 | stats count by sourcetype",
preview: true,
cache: true
});
// Create views
// Instantiate a view using the default time range picker
var mytimerange = new TimeRangeView({
id: "example-timerange",
managerid: "example-search",
preset: "Today",
el: $("#mytimerangeview")
}).render();
// Update the search manager when the time range changes
mytimerange.on("change", function() {
mysearch.settings.set(mytimerange.val());
});
var table1 = new TableView({
id:"example-table",
managerid: "example-search",
el: $("#mytable")
}).render();
var chart1 = new ChartView({
id:"example-chart",
managerid: "example-search",
type: "bar",
el: $("#mychart")
}).render();
});
</script>
{% endblock js %}
timerangePreset2.html
{% extends 'splunkdj:base_with_app_bar.html' %}
{% load splunkmvc %}
{% block title %}Splunk views (Django){% endblock title %}
{% block css %}
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}{{app_name}}/custom.css" />
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}splunkjs/css/dashboard.css" />
{% endblock css %}
{% block content %}
<div class="dashboard-body container-fluid main-section-body">
<div class="row">
<div class="dashboard-header clearfix">
<p>This example shows how to set up the timerange using Django tags. Tokens are used to keep the search controls in sync with the search manager. JavaScript is used to set choices and respond to changes in the Timeline view.</p>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 20%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>TimeRange</h3>
</div>
<div class="panel-body">
{% timerange id="example-timerange" managerid="example-search"
earliest_time="$earlyval$"|token_safe
latest_time="$lateval$"|token_safe
%}
</div>
</div>
</div>
</div>
</div>
<!-- Row -->
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>Table</h3>
</div>
<div class="panel-body">
{% table id="example-table" managerid="example-search" %}
</div>
</div>
</div>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>Chart</h3>
</div>
<div class="panel-body">
{% chart id="example-chart" managerid="example-search" type="bar" %}
</div>
</div>
</div>
</div>
</div>
</div>
{% endblock content %}
{% block managers %}
{# Stats search for chart and table examples #}
{% searchmanager id="example-search"
search="index=_internal | head 1000 | stats count by sourcetype"
earliest_time="$earlyval$"|token_safe
latest_time="$lateval$"|token_safe
preview=True
required_field_list="*" status_buckets=300
%}
{% endblock managers %}
{% block js %}
<script>
</script>
{% endblock js %}
... View more
03-23-2015
03:41 AM
It should work. I don't know how you are handling your code, but i think you are surely making errors on it. Bellow is a basic example that can help you. Just test it, it is working very well.
timerangePreset.html
{% extends 'splunkdj:base_with_app_bar.html' %}
{% load splunkmvc %}
{% block title %}Splunk views (JavaScript){% endblock title %}
{% block css %}
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}{{app_name}}/custom.css" />
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}splunkjs/css/dashboard.css" />
{% endblock css %}
{% block content %}
<div class="dashboard-body container-fluid main-section-body">
<div class="row">
<div class="dashboard-header clearfix">
<p>This example shows how to set up a timerange using JavaScript. Tokens are used to keep the search controls in sync with the search manager.</p>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 20%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>TimeRange</h3>
</div>
<div class="panel-body">
<div id="mytimerangeview"></div>
</div>
</div>
</div>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>Table</h3>
</div>
<div class="panel-body">
<div id="mytable"></div>
</div>
</div>
</div>
</div>
</div>
<!-- Row -->
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>Chart</h3>
</div>
<div class="panel-body">
<div id="mychart"></div>
</div>
</div>
</div>
</div>
</div>
</div>
{% endblock content %}
{% block js %}
<script>
var deps = [
"splunkjs/ready!",
"splunkjs/mvc/searchmanager",
"splunkjs/mvc/chartview",
"splunkjs/mvc/tableview",
"splunkjs/mvc/timerangeview"
];
require(deps, function(mvc) {
// Load individual components
var SearchManager = require("splunkjs/mvc/searchmanager");
var ChartView = require("splunkjs/mvc/chartview");
var TableView = require("splunkjs/mvc/tableview");
var TimeRangeView = require("splunkjs/mvc/timerangeview");
// Create a stats search for chart ant Table examples
var mysearch = new SearchManager({
id: "example-search",
search: "index=_internal | head 1000 | stats count by sourcetype",
preview: true,
cache: true
});
// Create views
// Instantiate a view using the default time range picker
var mytimerange = new TimeRangeView({
id: "example-timerange",
managerid: "example-search",
preset: "Today",
el: $("#mytimerangeview")
}).render();
// Update the search manager when the time range changes
mytimerange.on("change", function() {
mysearch.settings.set(mytimerange.val());
});
var table1 = new TableView({
id:"example-table",
managerid: "example-search",
el: $("#mytable")
}).render();
var chart1 = new ChartView({
id:"example-chart",
managerid: "example-search",
type: "bar",
el: $("#mychart")
}).render();
});
</script>
{% endblock js %}
... View more
03-22-2015
04:31 PM
here is one example you can use to display your single value.
{% extends "splunkdj:base_with_app_bar.html" %}
{% load splunkmvc %}
{% block title %}Single Value - Web Framework Toolkit{% endblock title %}
{% block css %}
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}splunkjs/css/dashboard.css">
<link rel="stylesheet" type="text/css" href="{{STATIC_URL}}{{app_name}}/custom.css" />
<style>
#timerange {
margin-top: 5px;
float: right;
}
.panel {
overflow: visible;
}
</style>
{% endblock css %}
{% block content %}
<div class="dashboard-body container-fluid main-section-body" data-role="main">
<div class="row">
<div class="span12 dashboard-header clearfix">
<h2>Single Value</h2>
</div>
</div>
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
</div>
<div class="panel-body">
<p>
In this example, the TimeRange view
sets the timebounds for the searche that drive
the Single view.
</p>
</div>
</div>
</div>
</div>
</div>
<div class="dashboard-row">
<div class="dashboard-cell" style="width: 100%;">
<div class="dashboard-panel">
<div class="dashboard-element">
<div class="panel-head">
<h3>Single value with time range</h3>
</div>
<div class="panel-body">
{% timerange id="timerange" %}
{% single id="single1" managerid="simplesearch1" beforeLabel="_internal event Count: " %}
</div>
</div>
</div>
</div>
</div>
</div>
{% endblock content%}
{% block managers %}
{% searchmanager id="simplesearch1" search="index=_internal | stats count"
preview=True cache=True status_buckets=0 auto_finalize_ec=100000 autostart=True %}
{% endblock managers %}
{% block js %}
<script>
require(["splunkjs/ready!"], function(mvc) {
var search1 = mvc.Components.getInstance("simplesearch1");
var timerange1 = mvc.Components.getInstance("timerange");
timerange1.on("change", function() {
search1.search.set(timerange1.val());
});
});
</script>
{% endblock js %}
... View more
03-15-2015
05:42 PM
Add a searchWhenChanged="true" in your text box. :
<input type="text" token="qtoken" searchWhenChanged="true">
... View more
03-15-2015
05:13 PM
1 Karma
Why don't you try this? | savedsearch mysavedsearch | outputlookup mykvstore.csv, to Write to mykvstore.csv lookup file (under $SPLUNK_HOME/etc/system/lookups or $SPLUNK_HOME/etc/apps/*/lookups) ?.
... View more
03-15-2015
04:18 PM
No! you can't. The same Xml file include all your tabs. For example in the above xml, you have three tags: link1, link2 and link3 handled in the same js file.
... View more
03-15-2015
03:56 PM
YES!!!! Where is the problem? In case you will need to remove the data later, i advise you to create an index and load the data in that index.
... View more
03-15-2015
03:36 PM
Yes you can uninstall and reinstall splunk. You will get a new free licence for 60 days, and you could be able to test the above code.
... View more
- « Previous
- Next »