I'd like to extend the width of my drop down box in my dashboard because the source names are quite long and i'd like it all to show. How can I do this in XML without having to convert to HTML? Below is my XML for the drop down: <fieldset autoRun="true" submitButton="false" searchWhenChanged="true"> <input type="dropdown" token="sourcetoken" searchWhenChanged="true"> <label>Select a Source:</label> <search> <query>**My Search Query**</query> </search> <default>Select...</default> <fieldForLabel>source</fieldForLabel> <fieldForValue>source</fieldForValue> </input> </fieldset> And a image of what it currently looks like: ... View more

Hoping someone can help me out. This is my search: [| metadata type=sources index="test_inputs" | search source="GAL Servers ALL*" | sort recentTime desc | head 3 | fields source] search Type="Vuln" Severity="4" OR Severity="5"| chart count by Business_Service source | addtotals | sort -Total | fields - Total And it returns this: Currently each column is a different source, so 3 in total, called May 2015, June 2015, July 2015. The problem that i have is that on my chart, it's displaying as July 2015, June 2015, May 2015. How can i alter the search so it's displaying correctly? ... View more

I have a file that gets uploaded into Splunk every month and I use it to produce a graph using the data from the past 3 months. When I upload a new file, I'd like the search to only select the most recent 3 sources. It may be trivial, but how can I write the search to use only the 3 most recent sources? Here's my current search: index="test_inputs" source="Servers ALL*" Application!="n/a" Application!="." Type="Vuln" | chart count by Application source| addtotals | sort -Total | fields - Total ... View more