Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About C4r7m4n
C4r7m4n
Path Finder
Member since:
03-19-2012
06-05-2020
Community Statistics
| Posts | 30 |
| Solutions | 2 |
| Karma Given | 2 |
| Karma Received | 3 |
| Member Since | 03-19-2012 |
Activity Feed
- Got Karma for How to search events that occur at least one per day, count as one and number of such counts are 5 or more per one week?. 07-27-2022 09:10 AM
- Karma Re: Does somebody can write steps how to add content from another site to dashboard? for MHibbin. 06-05-2020 12:46 AM
- Karma Re: Single Value change font size for Drainy. 06-05-2020 12:46 AM
- Got Karma for Single Value change font size. 06-05-2020 12:46 AM
- Got Karma for Single Value change font size. 06-05-2020 12:46 AM
- Posted Re: Does somebody can write steps how to add content from another site to dashboard? on Dashboards & Visualizations. 04-30-2012 06:39 AM
- Posted Re: Does somebody can write steps how to add content from another site to dashboard? on Dashboards & Visualizations. 04-27-2012 01:34 AM
- Posted Does somebody can write steps how to add content from another site to dashboard? on Dashboards & Visualizations. 04-26-2012 02:48 AM
- Tagged Does somebody can write steps how to add content from another site to dashboard? on Dashboards & Visualizations. 04-26-2012 02:48 AM
- Tagged Does somebody can write steps how to add content from another site to dashboard? on Dashboards & Visualizations. 04-26-2012 02:48 AM
- Posted Re: How to add content from another site to dashboard? on Dashboards & Visualizations. 04-25-2012 02:11 PM
- Posted Re: How to add content from another site to dashboard? on Dashboards & Visualizations. 04-20-2012 07:20 AM
- Posted How to add content from another site to dashboard? on Dashboards & Visualizations. 04-18-2012 04:08 AM
- Tagged How to add content from another site to dashboard? on Dashboards & Visualizations. 04-18-2012 04:08 AM
- Tagged How to add content from another site to dashboard? on Dashboards & Visualizations. 04-18-2012 04:08 AM
- Tagged How to add content from another site to dashboard? on Dashboards & Visualizations. 04-18-2012 04:08 AM
- Tagged How to add content from another site to dashboard? on Dashboards & Visualizations. 04-18-2012 04:08 AM
- Posted Re: Exclude events that do not occur each day from search on Splunk Search. 04-16-2012 07:15 AM
- Posted Re: How to search events that occur at least one per day, count as one and number of such counts are 5 or more per one week? on Splunk Search. 04-12-2012 11:46 PM
- Posted Exclude events that do not occur each day from search on Splunk Search. 04-12-2012 05:36 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 2 | |||
| 0 |
04-30-2012
06:39 AM
Hello @MHibbin
Thank you for your answer, it helps me a lot.
I have successfully created view and added some sites as you described. The problem still bother me is there a way to mix this iframe with components from dashboard e.g. single value button, I mean on the one raw there is single value button and on the second one there is iframe. And second thing: Is there a way to add url, when someobdy have to domain login or just login to see some site.
Best Regards,
C4r7m4n
... View more
04-27-2012
01:34 AM
Hello @MHibbin,
So i created new dashboard, removed:
\?xml version='1.0' encoding='utf-8'?\
\dashboard>
\label>iframe</label>
\/dashboard>
and added this code:
\?xml version='1.0' encoding='utf-8'?\
\view
\module name="IFrameInclude"
\param name="src">google.com\/param
\param name="check_exists">True\/param
\module\
\view\
to $SPLUNK_HOME/etc/apps/search/local/data/ui/views/iframe.xml
from http://docs.splunk.com/Documentation/Splunk/latest/Developer/UseHTML#Add_an_IFrame
And now what ? 😉 Nothing happened. The google first site didn't appear in my dashboard.
Best Regards,
C4r7m4n
... View more
04-26-2012
02:48 AM
Hello
Does somebody can write steps how to add content from another site to existing dashboard?
I have tried use steps from Documentation: http://docs.splunk.com/Documentation/Splunk/4.3.2/Developer/UseHTML#Add_an_IFrame
but it doesn't work ;(
Best Regards,
C4r7m4n
... View more
04-25-2012
02:11 PM
hello @nick
I have wrote to you an email a couple day ago, did you got it?
... View more
04-20-2012
07:20 AM
hello @nick
Thanks you for respond. How exactly find your email? 😉
Best Regards,
C4r7m4n
... View more
04-18-2012
04:08 AM
Hello,
I want to add to my dashboard called iframe, content from some side e.g. google.com
So i create dashboard iframe, remove:
\?xml version='1.0' encoding='utf-8'?\
\dashboard>
\label>iframe</label>
\/dashboard>
and add this code:
\?xml version='1.0' encoding='utf-8'?\
\view
\module name="IFrameInclude"
\param name="src">google.com\/param
\param name="check_exists">True\/param
\module\
\view\
from http://docs.splunk.com/Documentation/Splunk/latest/Developer/UseHTML#Add_an_IFrame
to $SPLUNK_HOME/etc/apps/search/local/data/ui/views/iframe.xml
It doesn't affect to my dashboard. What am I doing wrong?
Best Regards,
C4r7m4n
... View more
04-16-2012
07:15 AM
Thanks @kristian.kolb, it's working 😉
... View more
04-12-2012
11:46 PM
Hello @jt_splunk
It's working, thx
... View more
04-12-2012
05:36 AM
Hello
I have this search:
earliest=-7d@d latest=@d source="/var/log/snmptrapfmt.log" (timeout_url="*.GE" OR timeout_url="*.tv" OR unavailable) AND NOT (timeout_url="*.com") | timechart count by timeout_url
and the result of this search is here: http://imageshack.us/photo/my-images/10/mollq.jpg/
Does somebody know how to remove/exclude from search events that do not occur in each day e.g. l(pink), w(dark green)
... View more
04-12-2012
04:31 AM
Hi @jt_splunk
Sorry I made a mistake I wrote count as not count by 😞
I will test it and give you respond... 😉
... View more
04-12-2012
01:42 AM
Hello @dart
Your code doesn't work for me. I have the same error as befor: Error in 'search' command: Unable to parse the search: unbalanced parentheses.
Secondly, i think it cannot work because in Search A there is not word neighbor so if you concatenate two first searches and the try to search regexp by neigbour, then when search A occure the regexp will not filtr this.
I don't know if I wrote this clearly...
... View more
04-12-2012
01:33 AM
Hello @jt_splunk
The statement: | where count > 4 | sort value desc
does not work for me:(
Does where word is not deprecated?
And why do You dedup by date_wday hostanem and name
instead only by date_wday
"If I understand correctly, for each day of the week, you only care if an event is present or not" -- correct
"Then, you want to know if that event occurs over the course of 5 days, right?" -- Then I want to know if that event occurs 5 times or more in the week (e.g. Monday, Tuesday, Wednesday, Friday and Sunday: 5 times in the week)
(e.g.2 Monday, Tuesday, Wednesday, Thursday, Friday and Sunday: 6 times in the week
Best Regards,
C4r7m4n
... View more
04-12-2012
12:59 AM
Hello @Ayn
Yes, You were right I didn't notice the search word.
I've changed this and it's worinking but I don't know why it's counting 2 time more 😞
This is my changed search:
BGP_NEIGHBOR_STATE_CHANGED source="udp:514" AND ("Established to Idle" OR "Established to Active" OR "Established to OpenConfirm") | append [search BGP-5-ADJCHANGE source="udp:514" Down | rex field=_raw "neighbor (?<neighbor>.*)" | table neighbor | dedup neighbor] | stats count as BGP_DOWN | rangemap field=BGP_DOWN low=0-0 elevated=1-1 default=severe
With code: stats count as BGP_DOWN | rangemap field=BGP_DOWN low=0-0 elevated=1-1 default=severe
it's counting to 6 instead 3. Do you have any idea why?
... View more
04-11-2012
02:28 AM
Hello @Ayn
I tried a couple of seconds ago what you have sent me and I've got error:
Search operation 'bgp' is unknown. You might not have permission to run this operation.
... View more
04-11-2012
01:59 AM
Hello
I have two searches:
Search A: BGP_NEIGHBOR_STATE_CHANGED source="udp:514" AND ("Established to Idle" OR "Established to Active" OR "Established to OpenConfirm" | stats count as BGP_DOWN | rangemap field=BGP_DOWN low=0-0 elevated=1-1 default=severe
Search B: BGP-5-ADJCHANGE source="udp:514" Down | rex field=_raw "neighbor (?<neighbor>.*)" | table neighbor | dedup neighbor | stats count as BGP_DOWN | rangemap field=BGP_DOWN low=0-0 elevated=1-1 default=severe
I want to connect these two searches into one and represent it as a single value.
I've tried sth like this:
((BGP_NEIGHBOR_STATE_CHANGED ("Established to Idle" OR "Established to Active" OR "Established to OpenConfirm") OR (BGP-5-ADJCHANGE Down | rex field=_raw "neighbor (?<neighbor>.*)" | table neighbor | dedup neighbor)) AND source="udp:514" | stats count as BGP_DOWN | rangemap field=BGP_DOWN low=0-0 elevated=1-1 default=severe
But I get error: Error in 'search' command: Unable to parse the search: unbalanced parentheses.
Is there a way to connect/concatenate two searches into one and visualize this as a single value?
Best Regards,
C4r7m4n
... View more
04-09-2012
09:33 AM
Hi @jt_splunk
Thank you for your respond.
I don't know how exactly field or all you have wrote, relate to my search: source="/var/log/alerts_splunk.log" hostname="*" (name="df.*" AND value>99) OR (name="*.var" AND value>95) | stats count by hostname name value | dedup hostname name | sort value desc
I don't quite understand statements: dedup date_wday <fieldofinterest> 😞
Remove duplicate occur at day of the week?
... View more
04-06-2012
12:09 AM
Hello @Joetron
What do you mean sample of events? (log?)
Below I attached picture: look at
... View more
04-05-2012
05:31 AM
1 Karma
Hello,
Does anybody know how to write a search that find events occur at least one per day and these events count as one and these counts must occur 5 or more times per week.
See http://imageshack.us/photo/my-images/854/5per7.jpg/
Best Regards,
C4r7m4n
... View more
- Tags:
- search
04-02-2012
06:23 AM
Hello,
I've created my additional links at alerts view, see picture below:
http://imageshack.us/photo/my-images/213/pic1bc.jpg/
at /splunk/share/splunk/search_mrsparkle/templates/alerts/index.html file. At 'My First Link":
<a href="http:google.pl" target="_blank" class="spl-icon-external-link-xsm">
<span>${('My First Link')}</span>
</a>
I put simple url like http://google.pl, works fine. But at 'My Second Link':
<a href="http://mynewurl/cgi-bin/view.fcgi?str=$hostname$:$name$&db_dir=/home/online/online-update/db&what=cgiwrapper&cgi_basename=custom.cgi&conf_fn=/home/online/online-update/conf.d/online-update.conf&period=h" target="_blank" class="spl-icon-external-link-xsm">
<span>${('My Second Link')}</span>
</a>
I want to pass two fields from ViewResult (hostname,name) to 'My Second Link' to login at machine where the alert appear. Does somebody know how to do that?
Maybe there is a file like: workflow_actions.conf where this solution:
[My Second Link]
display_location = both
fields = hostname,name
label = - Look At My Second Link
link.method = get
link.target = blank
link.uri = http://mynewurl/cgi-bin/view.fcgi?str=$hostname$:$name$&db_dir=/home/online/online-update/db&what=cgiwrapper&cgi_basename=custom.cgi&conf_fn=/home/online/online-update/conf.d/online-update.conf&period=h
type = link
works perfectly fine for me.
Best Regards,
C4r7m4n
... View more
03-30-2012
01:23 AM
Yes, changing font-size is working, but I cannot resize my button 😞
... View more
03-29-2012
03:35 PM
Hello @Drainy
Thanks for advice I've change:
`.splHeader h2 {
}`
I have one more question: Did you find width: auto code at one of your apps? I cant resize my button to 100% width of dashboardContent
... View more
03-29-2012
04:26 AM
Hi @Drainy
The code:
width: auto !important;
doesn't affect my button 😞
I've added:
.GenericHeader h3 {
margin-bottom:0;
margin-left:0;
margin-right:0;
margin-top:0;
padding-bottom:0;
padding-left:0;
padding-right:0;
padding-top:0;
}
to application.css
but should I add this code:
h3 {
color:#333333;
font-size:12px;
font-weight:bold;
}
to application.css either or to the file: modules-2d550c7beb294883349c0c8f1f73e8c1.min.css ?
... View more
