Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Dev999
Dev999
Communicator
Member since:
02-12-2014
02-17-2023
Community Statistics
| Posts | 42 |
| Solutions | 3 |
| Karma Given | 4 |
| Karma Received | 3 |
| Member Since | 02-12-2014 |
Activity Feed
- Posted Re: Splunk bug: string replace function fails if the string to be replaced starts with "+" character on Splunk Search. 02-17-2023 08:58 AM
- Posted Splunk bug: string replace function fails if the string to be replaced starts with "+" character on Splunk Search. 02-17-2023 08:26 AM
- Got Karma for Re: How do you access the custom endpoint from dashboard javascript?. 06-05-2020 12:50 AM
- Karma Re: Using charting.lineDashStyle to edit only one line in graph for niketn. 06-05-2020 12:49 AM
- Got Karma for Re: How to change the marker shape in a line chart. 06-05-2020 12:49 AM
- Got Karma for Re: timerange in python custom command. 06-05-2020 12:47 AM
- Karma Re: Display values inside the chart without mouse pop up for Venkat_16. 06-05-2020 12:46 AM
- Karma Re: How would I display the number of events on a pie chart? for dmaislin_splunk. 06-05-2020 12:46 AM
- Karma Re: Installing multiple instances on Centos via RPM for Ayn. 06-05-2020 12:45 AM
- Posted Re: timerange in python custom command on Splunk Dev. 01-30-2019 12:42 PM
- Posted Re: How do you access the custom endpoint from dashboard javascript? on Dashboards & Visualizations. 11-12-2018 12:28 PM
- Posted Re: How do you access the custom endpoint from dashboard javascript? on Dashboards & Visualizations. 11-12-2018 10:34 AM
- Posted Re: access custom Rest endpoint using javascript on Dashboards & Visualizations. 11-12-2018 06:52 AM
- Posted How do you access the custom endpoint from dashboard javascript? on Dashboards & Visualizations. 11-12-2018 06:47 AM
- Tagged How do you access the custom endpoint from dashboard javascript? on Dashboards & Visualizations. 11-12-2018 06:47 AM
- Tagged How do you access the custom endpoint from dashboard javascript? on Dashboards & Visualizations. 11-12-2018 06:47 AM
- Tagged How do you access the custom endpoint from dashboard javascript? on Dashboards & Visualizations. 11-12-2018 06:47 AM
- Tagged How do you access the custom endpoint from dashboard javascript? on Dashboards & Visualizations. 11-12-2018 06:47 AM
- Posted Re: How to make rest calls from python to modify saved search properties? on Splunk Dev. 11-11-2018 08:19 PM
- Posted Re: How to change the marker shape in a line chart on Dashboards & Visualizations. 10-24-2017 01:11 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-17-2023
08:58 AM
the function should have ways to escape the special characters. As you can see above, the extraction rex has no problem handling it.
... View more
02-17-2023
08:26 AM
replace() function produce an empty string if the string to be replaced starts with a "+" character. this search with replace() works: | makeresults
| eval message = "This is mark1 replacement mark2", ph2="different"
| rex field=message "mark1 (?<ph1>[^/s]*) mark2"
| eval message2 = replace(message, ph1, ph2)
| table message, message2, ph1, ph2 this one will produce an empty message2: | makeresults
| eval message = "This is mark1 +replacement mark2", ph2="different"
| rex field=message "mark1 (?<ph1>[^/s]*) mark2"
| eval message2 = replace(message, ph1, ph2)
| table message, message2, ph1, ph2
... View more
- Tags:
- string function
Labels
- Labels:
-
other
01-30-2019
12:42 PM
so the "workaround" is kind of error checking (safe guard) by checking if they exist or not. In case of All time, you do nothing with it any way.
... View more
11-12-2018
12:28 PM
1 Karma
After correcting GET/POST, I realized the problem was that the file name should be web.conf, not web.xml.
... View more
11-12-2018
10:34 AM
Thanks lweber. I can see missing handle_POST in python would be a problem. If I replace handle_GET with handle_POST only, I got a specific python error (object has no attribute 'handle_GET' ) on port 8089 web. Now I have both as you suggested, and added to web.xml, but still gets 404 error regardless I do service.get or service.post. I can do curl with -XPOST to get the correct response from port 8089.
... View more
11-12-2018
06:52 AM
I made essentially the exactly same setup in a new app, but I got 404 error when calling service.post('services/myendpoint', ). I am using Splunk 7.2.0. Could you please take a look at my question:
https://answers.splunk.com/answers/699676/accessing-custom-endpoint-from-dashboard-javascrip.html
Thanks,
Tony
... View more
11-12-2018
06:47 AM
I have configured my REST API custom endpoint within a new app, and tested successfully through the service web's UI (:8089). But got 404 from javascript. Splunk version: 7.2.0, User account has admin role:
service.post('services/my_submit', data, function...
http://mysplunk:8000/en-US/splunkd/__raw/services/my_submit?output_mode=json 404 (Not Found)
Accessing from service port prints 'success' from the python script:
https://mysplunk:8089/services/my_submit
web.xml:
[expose:my_submit]
pattern=my_submit
methods=POST
restmap.conf:
[script:my_submit]
match=/my_submit
handler=my_submit.Submit
my_submit.py:
import splunk
class Submit(splunk.rest.BaseRestHandler):
def handle_submit(self):
try:
self.response.setHeader('content-type', 'text/html')
self.response.write('success')
except:
self.response.setHeader('content-type', 'text/html')
self.response.write('<p>Uh oh! Something wrong!</p>')
handle_GET = handle_submit
Should I use 'services/my_submit' as the endpoint in the service call? What else could I miss? Your help is greatly appreciated.
Tony
... View more
11-11-2018
08:19 PM
Nice post!
I am trying to set up my custom endpoint, pretty sure went through restmap.conf and web.xml, python file properly. I can view the endpoint on port 8089 at https://mysplunk:8089/services/testendpoint and can get the print out from the python file. However, when I tried to call service in dashboard javascript with:
service.post('/services/testendpoint', ...)
I got 404 error. I am using Splunk 7.2.0.
I noticed that you used '/servicesNS/nobody/app_name/saved/searches/receive', Why is it "saved/searches'? I tried the same path and got "Bad Request" error even I don't do anything with the form data. Curious what is your URL on your 8089 port web? I appreciate your response.
Thanks,
Tony
... View more
10-24-2017
01:11 PM
It does not worth the efforts if it changes all. The whole point is to mimic Excel plot with different markers. I guess most can live with different colors and dash styles.
Thanks!
... View more
10-24-2017
08:16 AM
1 Karma
Thanks for clarification. I found your other post with the workaround for dash style and works like a charm: change dash style. It's not for marker but it's better than nothing. I bet with that kind of knowledge you can change the marker style as well?
... View more
10-23-2017
06:53 PM
In a line chart, I can add markers to the line. In a multi-line chart, I would like to have different markers for each line.
I am at Splunk 6.5.1. From an old document Splunk 6.2.3 document it seems possible at that version and I guess Splunk would not take the feature out in newer versions, though it's possible:
"You use shape properties to define shape objects for shape palettes, which are designed primarily to enable the assignation of specific shapes to chart markers. For example, you could arrange for each series in a line chart to have markers of different shapes. To do this you would define a list shape palette that sets up a specific shape object for each series, and then assign that to the markerShapePalette property."
Has anyone made this work in 6.5?
Thanks!
Here is a sample code for a single line example:
<dashboard>
<label>test_chart_shape</label>
<row>
<panel>
<chart>
<search>
<query>index=_audit earliest=-2h@h (action=quota OR aciton=search OR action=accelerate_search) | stats count by action</query>
<earliest>@d</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.chart.showMarkers">true</option>
<option name="charting.chart.markerSize">5</option>
</chart>
</panel>
</row>
</dashboard>
... View more
- Tags:
- charting
02-16-2017
05:54 AM
This is essentially the same as my "convoluted" solution. In my opinion, it has general usage and should not take that much code to do such a trivial work. strptime does get the correct epoch time (UTC), just need an elegant way to convert it in any given time zone. Python added astimezone() method in dateutil (not datetime), so it has demand.
Thanks a lot for your time!
... View more
02-15-2017
09:59 AM
It would not be able to handle Indian time, and not sure why it's 14:24, not 15:24?
It turns out strptime would convert to system locale:
|makeresults 1 | eval st = "2017-02-10T10:24:58.290+05:30"
| eval tt1 = strptime(st, "%Y-%m-%dT%H:%M:%S.%3Q%:z")
| eval tt2 = strftime(tt1, "%Y-%m-%dT%H:%M:%S.%3Q%:z")
| eval offset=strftime(tt1, "%:z")
| table st, tt2, offset
The result is surprising: offset: -5:00. tt2: "2017-02-09T23:54:58.290-05:00". So if my splunk server was set to GMT then it would be all set.
Creating a python command is much easier and does not require server settings change.
It would be nice if Splunk can provide a standard command like astimezone(epoch_time, zone_name) similar to that in python dateutil. It would only need a few lines of code.
Thanks!
... View more
02-13-2017
06:45 AM
Thanks Burch. But here is exactly where my problem is. The utctime is still 10:24, not 15:24 as I would expect.
But I think that's how the date time is supposed to work, instead of changing the hours ,it uses a timezone field (%Z).
... View more
02-10-2017
02:12 PM
Here is what I meant by convoluted way:) Gotta have a better solution...
| eval _tt1 = strptime(st, "%Y-%m-%dT%H:%M:%S.%3Q%:z") | eval _tt2 = strftime(_tt1, "%:z") | rex field=_tt2 "(?[+-])(?[^:]):(?[\d])" | convert num(hh) as hh | convert num(mm) as mm | eval sec = (hh*60*60 + mm*60) | eval offset=if(pm=="-", sec*(-1), sec) | eval _tt3 = _tt1 - offset | eval utc_time = strftime(_tt3, "%Y-%m-%d %H:%M:%S.%3Q")
... View more
02-10-2017
01:54 PM
The value is from the data that is already indexed, and can be from different time zones ("-5:00" can be different values). I need to extract the field and make it a UTC time. I can make it work with a bunch of eval statements but seems too convoluted for such a simple common job.
Thanks for your response.
... View more
02-10-2017
12:25 PM
I have a date field in the format "2017-02-10T10:24:58.290-05:00", which means 10:24:58 in EST timezone. How do I convert it to straight UTC time "2017-02-10T15:24:58.290"? The data is already indexed so I can only do it at search time. There were some similar questions but I could not find a good way to do it. Do I miss something obvious here?
Thanks!
... View more
09-08-2016
02:17 PM
My bad. It does work. No need for a second textinput. Very cool. Thanks!
... View more
09-08-2016
12:09 PM
Got it work with css style. I only need to see one textinput, so the actualToken one should not show on the page.
Thanks a lot!
... View more
09-08-2016
11:36 AM
almost there, if I create another textinput, it works perfectly in terms of functionality. there must be a way to hide the actual input. This is certainly the right direction. I appreciate your help.
... View more
09-08-2016
06:01 AM
This seems a common situation: need to trim the white spaces in a text input box. With html, I can do it inside submit.on("submit"), but it seems a hack, and I need it work with simple xml as well. Could someone share the best approach?
Thanks,
Tony
... View more
08-17-2016
07:51 AM
1 Karma
If you are using GeneratingCommand in python sdk, here is the answer, tested both at Search command and in a dashboard:
def generate(self):
....
search_results = self.search_results_info
logger.debug('search time: %s %s' % (str(search_results.search_et), str(search_results.search_lt)) )
....
Result:
search time: 1470837600.0 1471443921.0
... View more
08-16-2016
06:41 AM
this is for custom command, not regular Splunk search. the time range is used as parameters for a custom command that is consumed by python code on the Splunk server, not within dashboard page.
... View more
08-15-2016
10:10 AM
I know this is an old thread. But here is my solution:
create an regular time picker input field, and use earliest and latest as command parameter. The python can get the them as normal parameters.
<input type="time" token="my_time" searchWhenChanged="false">
<label>Time Range</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
....
<search>
<query>|mycommand myparameters earliest=$my_time.earliest$ latest=$my_time.latest$
</query>
</search>
It does not seem to have a built-in validator for time range. this brings a new question: is there a way to get the parsed time values? Hate to redo it as Splunk has already done it.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-17-2023
11:56 AM
|
