Hi All, I'm having a continuous issue which sort of popped out of nowhere. I have a dashboard which is essentially a functional email form. Tokens are passed over from the previous search page which help the send to work properly. The page should not render any results until the search button is hit, and I've added autoRun="false" in to the simpleXML. This isn't stopping the page from auto running and attempting to send without consent. Here is my simpleXML for the page: <form stylesheet="cg_ereceipts_resubmit.css"> <label>Re-Submit e-Receipt</label> <fieldset autoRun="false" submitButton="true"> <input type="text" token="emailTo"> <label>To(required):</label> <default>$emailTo$</default> </input> <input type="text" token="emailCC"> <label>CC:</label> <default/> </input> <input type="text" token="emailBcc"> <label>BCC:</label> <default/> </input> <input type="text" token="emailSubject"> <label>Subject(required):</label> <default/> </input> <input type="text" token="emailBody"> <label>Body(required):</label> <default/> </input> </fieldset> <row> <table id="ereceipt_resubmit"> <title>Your Re-Submit Results:</title> <searchString> <![CDATA[ |stats count as dummy_field | eval bp_context_id="$bp_context_id$" | eval PID_OUT="$PID_OUT$" | eval TPCode="$TPCode$" | eval OrderNumber="$OrderNumber$" | eval ShipmentNumber="$ShipmentNumber$" | eval OrderLink="$OrderLink$" | eval emailTo="$emailTo$" | eval emailCC="$emailCC$" | eval emailBcc="$emailBcc$" | eval emailSubject="$emailSubject$" | eval emailBody="$emailBody$" | fields - dummy_field | fillnull value="" | cgereceiptsresubmit | eval responseMessage=if(responseMessage=="",ctgResponse,responseMessage) | spath input=ctgResponse output=responseMessage path="BODY.TABLE.TR.TD{2}" | table resubmit_url,ctg_response, resubmit_error | rename resubmit_url as "Re-Submit URL", ctg_response as "CTG Response", resubmit_error as "Re-Submit Error Message"]]> </searchString> <option name="rowNumbers">true</option> <option name="wrap">true</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="count">10</option> </table> </row> </form> Any thoughts on what may be causing the page to autoRun even though autoRun="false" is implemented? Thanks in advance! ... View more

Hi All, I have a search that is bumped against a lookup to display pretty customer names (field=corporation_name) rather than the ugly code names that are logged. I would like to pass corporation_name via a bar graph that shows our top 10 customers, but the drill-down is expecting the ugly code name(field=ctg_identifier), thus I am unable to populate results. One thing to note here is that the current lookup does not have a total list of corporation names. The bar graph displays half ugly code names, half pretty corporation_name. Drilling down by ugly code name is easy because its already being logged, but how do I populate the corporation_name field on the other side? I believe I need to add some specification to the drill-down page saying, "This pretty corporation_name token is actually the ugly code name in disguise!", but I am yet to be successful in what I have added. I tried using eval if's and replace. Here is what I have on the drill-down page that works for the ugly code names (again, ugly code name is being logged as ctg_identifier): index=contract_gateway_summary source=contract_process_summary ctg_identifier="$ctg_identifier$" | stats count as txn_count, sum(total) as sum_total by bp_bp_name, svc_context_name, exit_status | search NOT exit_status=SUCCESS | eval sum_total=round(sum_total,2) | eval sum_total=tostring(sum_total, "commas") | eval sum_total=if(sum_total < 0, "-$$".trim(sum_total,"-"),"$$".sum_total) | ctg_common_header_rename | convert ctime(_time) as timestamp Is there something I can add here that will help to pass ctg_identifier as corporation_name and populate the results? Any insight will be greatly appreciated. Thanks in advance! ... View more

Hi All, I am trying to write a search that appends multiple lookups. I have 4 lookups in a .CSV format that table a list of customers by channel (4 different channels) that have been migrated from one system to another. I want to create a search that uses all lookups to verify customers that have been migrated are logging in Splunk. If they are not logging, there is some issue that needs to be looked at. Here is a basic search I am using with one of the lookups: index=contract_gateway earliest=@d sourcetype=esb_audit bp_bp_name=Invoice | stats earliest(_time) as first_seen, latest(_time) as last_seen by customer| append [ |inputlookup edi_migrated_customer_lookup.csv ] | stats min(first_seen) as first_seen, max(last_seen) as last_seen by customer | outputlookup edi_migrated_customer_lookup.csv The issue I am having is that no matter which of the four lookups I use, the number events in Splunk remains the same, concluding that my search must be jacked/ I am not using the inputlookup/outputlook commands correctly. What I eventually would like to do is display a summary page that monitors the customer migration, and table Total Customer Count, Success Rate, Error Rate, No Transaction Rate by each channel. Any insights on my query would be very helpful. Thanks in Advance! ... View more

I would like to be able to add single values which are rolled-up counts of their corresponding table. Is there a way to add those single value inputs underneath the title of the table , so that it makes sense when someone looks at the table that - "ok, these values go with this table"? Instead of now where the single values are in a panel sitting on top of the results table. Please let me know if you need any additional info from me to help make this work. Thanks in Advance! ... View more