Thanks, this work for me. Yes, I wanted the extraction to include first set of number. ... View more

Thanks for the answer, but I want the extraction including the first set of number ... View more

Thanks skadadi, Eagerly waiting for this feature. ... View more

Hi, thanks for sharing the link - this will help me. Yes, rmasuoka definitely deserves an up vote. ... View more

Based on these link : https://answers.splunk.com/answers/111492/error-could-not-find-all-of-the-specified-lookup-fields-in-the-lookup-table.html https://answers.splunk.com/answers/96118/lookup-error-could-not-find-all-of-the-specified-lookup-fields.html First you need to check that your csv file - "Kunden" is clean and there is no hidden character. Second, bsed on link 1--try reversing the order of fields in AS. If you have mentioned such in props.conf ... View more

if any lower hierarchy process fails, its upper one should be forced to set as FAIL, even if in individual run the upper one was PASS. Means if p6 fails and p5 not, then p6 predecessor p4 should be set as FAIL, which in turn set p2 as FAIL and finally P1 as FAIL. while p5 and p3 continues to be in PASS status. ... View more

Can you share the error message which displays after clicking the icon. Once this icon showed me lookup error . I added the lookup file (mentioned in error message) in Lookup Definition and it worked. See if its the same case for you. ... View more

Try this: rex field=_raw "(?ms)^(?P\d{2}\/\d{2}\/\d{4}\s+\d{2}:\d{2}:\d{2}\s+\w{2})" You can use Splunk's "Extract Fields" from Event Actions to perform the same. ... View more

Well, this worked for me. Do check if you have not missed the "" , i.e. `|search search="*eventtype=ABC"` For macro, try the following: | rest /servicesNS/-/-/admin/macros splunk_server=local |search definition="*eventtype=ABC*"| table title definition ... View more

DBConnect is not taking it as Timestamp format. I have also tried : yyyy-MM-dd HH:mm:ss.S XXX as the timezone used is in +1:00 format, but still doesn't work ... View more

Hi @davidpaper, is there any way to download different panels as different excels/csv under one button click using above method? ... View more

Hi, reference code to get csv's for all searches one button click will also help. ... View more

Hi, I am trying to implement @cusello advice : <fieldset autoRun="true" submitButton="true"> <input type="dropdown" searchWhenChanged="false" token="token_header"> <label>Header</label> <choice value="*">All</choice> <search> <query>search to load dropdown|table header</query> </search> <fieldForLabel>header</fieldForLabel> <fieldForValue>header</fieldForValue> <default>*</default> <change> <condition label="All"> <set token="new_search">index=xyz sourcetype=abc...|table code...|join code[search index=def ....]|where $dd1$="value" AND $dd2$=""|some operations using stats...1</set> </condition> <condition match="$value$!=&quot;*&quot;"> <set token="new_search">index=xyz sourcetype=abc...|table code...|join code[search index=def ....]|where $dd1$="value" AND $dd2$="value" AND $dd3$=""|some operations using stats... 2</unset> </condition> </change> </input> </fieldset> <row> <panel> <chart> <search> <query>$new_search$</query> <earliest>0</earliest> </search> <option name="charting.chart">bar</option> </chart> </panel> </row> Above scenario is for first dropdown only, where if I select "All" - search with stats 1 will set in token "new_search" and if any other value is selected -search with stats 2 will set , and build the graph. What happens here is chart starts loading after dropdown selection and not after Submit button. Even though I have kept searchWhenChanged="false". Is there any way I can load the panel after submit button click? ... View more

Thanks Cusello, thanks for the anwser. I am good to go with newly formed axis labes like- Param1 Jan16, Param2 Jan16...Param1 Feb16, Param2 Feb16... ... View more