Hi guys, I need to create a vertical line in a time chart. I thought that I could use the following search to draw the vertical line: index=myindex ALARM="ALARM" [| gentimes start=-1 | eval earliest = relative_time(1487771030,"-15m") | eval latest = relative_time(1487771030,"+5m") | return earliest, latest] | timechart count | eval test=if(_time==1487771030,100,10) that produces the following chart: I was expecting to see a vertical line at 1487771030 Of course, in the final search, the last part should be like this | eval test=if(_time==1487771030,MAX,0) Obviously this is not working. The next question is "How can I calculate the MAX" In this solution (if I will able to reach what I'm looking for) there is the following problem: The "test" line will be visible even when the _time is not equal to 1487771030 is there a better way to draw a vertical line in a time chart? thanks (I'm using Splunk 6.5) ... View more

Hi guys, I have this code: <form> <label>Fault Stats</label> <fieldset submitButton="false"></fieldset> <row> <panel> <input type="dropdown" token="failureID" searchWhenChanged="true"> <label>FailureID</label> <fieldForLabel>Date</fieldForLabel> <fieldForValue>FailureID</fieldForValue> <search> <query>MYQUERY</query> <earliest>0</earliest> <latest></latest> </search> <change> <eval token="failureID.earliest">relative_time($value$, $minBefore$)</eval> <eval token="failureID.latest">value</eval> </change> </input> <input type="dropdown" token="minBefore" searchWhenChanged="true"> <label>Time before fault</label> <choice value="-1m">1 minute</choice> <choice value="-5m">5 minutes</choice> <choice value="-15m">15 minutes</choice> <choice value="-1h">60 minutes</choice> <choice value="-1d">24 hours</choice> <default>-15m</default> <initialValue>-15m</initialValue> <change> <eval token="failureID.earliest">relative_time($failureID$,$minBefore$)</eval> <eval token="failureID.latest">$failureID$</eval> </change> </input> <chart> <search> <query>MYQUERY</query> <earliest>$failureID.earliest$</earliest> <latest>$failureID.latest$</latest> </search> <option name="charting.chart">line</option> </chart> </panel> </row> </form> That creates this panel: The time range of the graph should be: [LeftDropDownSelectedValue - RightDropDownSelectedValue, LeftDropDownValue] Also every time That You change the selected value of dropdown Both the graph Should be redrawn. At the beginning it seemed to work fine but, if you play a bit with the right dropdown I noticed two unexpected behaviours: Some times the graph is not redrawn when the right dropdown value changes After playing a bit with the right dropdown the graph interval is wrong (if you look at the previous picture I selected 1 minutes but the interval is 1 day) Am I doing something wrong? Thanks ... View more

Hi guys, I'm trying to create a custom dashboard. I've added a DropDown input with the following parameters: token failureId query= myquery Field for label= Date Field for Value= FailureID I would like to create a graph line where the time range is between: ($failureId$/1000)-15minutes and ($failureId$/1000) how can i configure the chart panel to perform this query? thanks ... View more

Hi guys, I've created a custom Splunk Application. I've noticed that my dashboard list view desappeared. is there a way to restore it? Thanks ... View more

Hi Guys, I was creating my Splunk application. My folder structure is this one: drwxrwxr-x 3 user user 4096 Feb 17 15:19 appserver/ drwxrwxrwx 2 user user 4096 Feb 16 17:29 bin/ drwxrwxrwx 3 user user 4096 Feb 17 14:02 default/ drwx------ 2 root root 4096 Feb 17 14:39 local/ drwxrwxrwx 2 root root 4096 Feb 17 11:04 lookups/ drwxrwxrwx 2 user user 4096 Feb 17 15:01 metadata/ drwxrwxr-x 2 user user 4096 Feb 17 15:30 static/ I've a script in appserver/static/home.js I've an html script in default/data/ui/html/home.html <!DOCTYPE html> <html lang="en"> <head> ........ </head> <body class="simplexml preload locale-en" data-splunk-version="6.5.2" data-splunk-product="enterprise"> <!-- BEGIN LAYOUT This section contains the layout for the dashboard. Splunk uses proprietary styles in <div> tags, similar to Bootstrap's grid system. --> <header> ..... </header> <div class="dashboard-body container-fluid main-section-body" data-role="main"> .... </div> <script src="/static/home.js"></script> I tried to incude home.js n different way: - But, looking at the chrome console, I've a 404 error Also every time that I modify the .html I call http://localhost:8000/en-US/debug/refresh What I'm doing wrong? Thanks ... View more

Hi guys I've defined my sourcetype, transforms and lookup in /opt/splunk/etc/system/local/props.conf and /opt/splunk/etc/system/local/transforms.conf (I set the lookup from the web interface). Everything is working fine with the default Search and Reporting App. After I created my customApp and if I perform the same search in the App, I can see the right source_type associated to my data but the regex that I defined in /opt/splunk/etc/system/local/transforms.conf is not applied. Any suggestion? Thanks ... View more