Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About ho000dor
ho000dor
Explorer
Member since:
02-27-2014
06-05-2020
Community Statistics
| Posts | 13 |
| Solutions | 1 |
| Karma Given | 2 |
| Karma Received | 2 |
| Member Since | 02-27-2014 |
Activity Feed
- Karma Re: Make one column in table module have hyperlinks but leave the rest non-link for sideview. 06-05-2020 12:47 AM
- Karma Re: Copy Value From Table to ClipBoard for sideview. 06-05-2020 12:47 AM
- Got Karma for How to use a lookup to omit data from results?. 06-05-2020 12:47 AM
- Got Karma for Copy Value From Table to ClipBoard. 06-05-2020 12:47 AM
- Posted Re: Copy Value From Table to ClipBoard on All Apps and Add-ons. 11-08-2014 06:23 AM
- Posted Re: Copy Value From Table to ClipBoard on All Apps and Add-ons. 11-06-2014 11:32 PM
- Posted Copy Value From Table to ClipBoard on All Apps and Add-ons. 11-06-2014 11:27 PM
- Tagged Copy Value From Table to ClipBoard on All Apps and Add-ons. 11-06-2014 11:27 PM
- Tagged Copy Value From Table to ClipBoard on All Apps and Add-ons. 11-06-2014 11:27 PM
- Posted How to use a lookup to omit data from results? on Splunk Search. 10-31-2014 11:52 AM
- Tagged How to use a lookup to omit data from results? on Splunk Search. 10-31-2014 11:52 AM
- Tagged How to use a lookup to omit data from results? on Splunk Search. 10-31-2014 11:52 AM
- Tagged How to use a lookup to omit data from results? on Splunk Search. 10-31-2014 11:52 AM
- Posted Make one column in table module have hyperlinks but leave the rest non-link on All Apps and Add-ons. 10-30-2014 11:20 AM
- Tagged Make one column in table module have hyperlinks but leave the rest non-link on All Apps and Add-ons. 10-30-2014 11:20 AM
- Tagged Make one column in table module have hyperlinks but leave the rest non-link on All Apps and Add-ons. 10-30-2014 11:20 AM
- Tagged Make one column in table module have hyperlinks but leave the rest non-link on All Apps and Add-ons. 10-30-2014 11:20 AM
- Posted What is the best approach to have an XML dashboard timechart drilldown convert the macro to raw search and have drilldown chart click value still be implemented? on All Apps and Add-ons. 10-28-2014 06:57 AM
- Tagged What is the best approach to have an XML dashboard timechart drilldown convert the macro to raw search and have drilldown chart click value still be implemented? on All Apps and Add-ons. 10-28-2014 06:57 AM
- Tagged What is the best approach to have an XML dashboard timechart drilldown convert the macro to raw search and have drilldown chart click value still be implemented? on All Apps and Add-ons. 10-28-2014 06:57 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-08-2014
06:23 AM
The solution i'm trying to achieve is with the table module. The table content includes lookup values. The content is contact info that is used on another URL. I can copy the value no problem and paste it in the destination URL but i'm lazy and have had good fortune with splunk so far.
Also, the destination URL doesn't contain anything in the URL that would reference the contact info so click param in the redirector module might not be the answer. This is not important, its just to remove some monotony from the users job and seems like a fun experiment.
... View more
11-06-2014
11:32 PM
<module name="Search" group="TEST">
<param name="search">search TESTSEARCH | table TEST_CONTENT</param>
<module name="Table" layoutPanel="panel_row3_col1">
<param name="count">10</param>
<module name="HTML" group="row.fields.TEST_CONTENT">
<param name="html"><![CDATA[<a href="$row.fields.TEST_CONTENT$">$row.fields.TEST_CONTENT$</a>]]></param>
</module>
</module>
</module>
... View more
11-06-2014
11:27 PM
1 Karma
Hello,
I have a table module that passes data to an html module. I was wondering if when the user clicks the data, the field value can be automatically copied to the users clipboard and another URL opened? I don't want to pass any values to the other URL.
search TESTSEARCH | table TEST_URL
10
$row.fields.TEST_URL$]]>
... View more
10-31-2014
11:52 AM
1 Karma
Hi,
Do i need to do a subsearch for this or is there a more efficient way?
I'm trying to ignore every URL in the "URL" column from the lookup...
index="test1" RESPONSE="50*" URL="*" NOT | lookup 500KNOWN URL
The lookup just has a column with URLs that I want to ignore.
... View more
10-30-2014
11:20 AM
Hello,
The saved search creates a table with multiple rows. testrow7 is populated from a lookup and is just URLs to another site. I just want to make a hyperlink for those URLS and have it redirect to another tab or browser. Is that possible?
<module name="HiddenSavedSearch" layoutPanel="panel_row1_col1" group="test1" autoRun="True">
<param name="useHistory">True</param>
<param name="savedSearch">testsearch</param>
<module name="JobProgressIndicator" />
<module name="Export">
<param name="exportType">results</param>
</module>
<module name="Paginator">
<param name="count">3</param>
<param name="entityName">results</param>
<module name="Table" layoutPanel="panel_row1_col1">
<param name="count">100</param>
</module>
</module>
</module>
... View more
10-28-2014
06:57 AM
Hello,
Problem #1 viewredirectorlink
ViewRedirectorLink only shows up when i click on something in the chart
Problem #2: onclick
What's the best approach to have the drilldown convert the macro to raw search and have the drilldown chart click value still be implemented - 'Time' and 'Field' drill-down Content would would be ideal.
The current set up below does convert the macro to raw search. However, if a user clicks on the bar in the chart, it redirects with the count value. This is not helpful and often times yields 0 results if the count has increased.
<module name="HiddenSavedSearch" layoutPanel="panel_row3_col1" group="test1" autoRun="True">
<param name="useHistory">auto</param>
<param name="savedSearch">savedSEARCHwithMACRO1</param>
<module name="HiddenChartFormatter">
<param name="charting.legend">legend</param>
<param name="charting.legend.labelStyle.maximumWidth">500</param>
<param name="charting.legend.labelStyle.minimumWidth">500</param>
<param name="charting.chart.stackMode">stacked</param>
<param name="charting.legend.placement">right</param>
<param name="charting.chart">column</param>
<param name="charting.legend.labelStyle.defaultTextFormat">{font:Arial,size:09}</param>
<param name="charting.fieldColors">{"NothingToReport":0x00FF00}</param>
<module name="JobProgressIndicator"/>
<module name="FlashChart">
<param name="height">250px</param>
<module name="HiddenSearch" layoutPanel="panel_row3_col1" autoRun="True">
<param name="search"><![CDATA[`MACRO1`]]></param>
<param name="earliest">-2h</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirectorLink">
<param name="popup">True</param>
<param name="viewTarget">flashtimeline</param>
<param name="label">All Results</param>
</module>
</module>
</module>
</module>
</module>
</module>
I have also used the sideview html modules but i'm not sure how or if it could convert the macro to raw search.
... View more
10-24-2014
11:47 AM
It could vary.
Anything from:
192.168.1.1 4.2.2.2 blah blah other stuff
or
otherstuff 192.168.1.1 blah blah
or
otherstuff blah blah 192.168.1.1 blah blah 4.2.2.2 otherstuff
ip2 can be null if there isn't a second IP. Is that possible or do i have to set up a second | rex?
... View more
10-24-2014
11:25 AM
Hi,
Does anyone know what i need to put in between these two fields in order to make the query continue on the ip2 if ip1 is found on a single log event? Sometimes there may not be an ip2... \s+ is what i have currently.
| rex "(?i)(?<ip1>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?<ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
... View more
07-16-2014
08:51 PM
I have a dashboard that has a large number of panels, 18 to be exact. When there is an outage and one of the panels starts counting a large number of events , the rest of the panels are blank on the next refresh.
I didn't have the problem until splunk 6. Is it a bug?
I'm using flash charts in the panels and columns set to 35 bins over 2 hours
the only solution i have found, is to comment out the panels with a large number of events, then the dashboard starts working again which defeats the purpose of the dashboard.
... View more
03-01-2014
08:06 AM
do i have to use transform.conf in order to create a lookup? some users won't have access to that.
... View more
02-28-2014
06:52 PM
What's the easiest way to create a key for a list of octets that need to be renamed?
Example:
I have a rex query that pulls the 3rd, 4th OCTET, and Port
For example - 192.168.2.9:23 the rex would extract 2.9:23 to 3 seperate fields
rex would extract 3 fields respectively to this fieldA=2 fieldB=9 fieldC=23
To set up a key, I would prefer to use a macro so different users can modify values
To keep it simple, the key would look something like this and would rename the octets extracted from the rex above and ultimately a new field would be created, that concatenates multiple values.
2=branchoffice
9=adminhost
23=telnet
new field would look like this:
branchoffice->adminhost->telnet
... View more
