×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
sabarinathankay
New Member
Member since: ‎11-04-2018
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-04-2018
Activity Feed
View All

Pretty Print XML value on Table

by in Dashboards & Visualizations
‎11-19-2018 07:14 PM
‎11-19-2018 07:14 PM
Hello Splunk Experts, I have a Simple XML based dashboard which displays Input XML and Output XML as couple of columns(with all white spaces stripped off between the xml tags) in table results. I would like to pretty print the contents of the XML on the dashboard. I am not in a position to make use of external applications or external modules for pretty printing, Is there a way to workaround this issue. Any help would be highly appreciated. Thanks in Advance. Thanks and Regards, Sabari Nathan Krishnan ... View more

Is it possible to execute a different search query...

by in Dashboards & Visualizations
‎11-19-2018 04:35 PM
‎11-19-2018 04:35 PM
Hello Splunk Experts, I have this Simple XML dashboard with a simple Query. <search> <query> index="__" sourcetype="__" source="___" DOCUMENT_ID="'$documentId$'" SERVICE_NAME="$serviceName$" SUCCESS_STATE="$successState$" | eval SERVICE_INPUT = replace(SERVICE_INPUT,"{{","") | eval SERVICE_INPUT = replace(SERVICE_INPUT,"}}","") | eval SERVICE_OUTPUT = replace(SERVICE_OUTPUT,"{{","") | eval SERVICE_OUTPUT = replace(SERVICE_OUTPUT,"}}","") | eval SIP = SERVICE_INPUT | eval SOP = SERVICE_OUTPUT | eval SERVICE_INPUT = substr(SERVICE_INPUT,1,15) + toString("...") | eval SERVICE_OUTPUT = substr(SERVICE_OUTPUT,1,15) + toString("...") | table TIME_STAMP, TIME_SPENT, SERVICE_NAME, SUCCESS_STATE, DOCUMENT_ID, SERVICE_INPUT , SERVICE_OUTPUT , TRANSACTION_TYPE, MACHINE_NAME, SIP, SOP </query> <earliest>$dateFrom.earliest$</earliest> <latest>$dateFrom.latest$</latest> </search> <option name="drilldown">cell</option> <option name="count">50</option> <option name="showPager">true</option> <drilldown> <set token="serviceInput">$row.SIP$</set> <set token="serviceOutput">$row.SOP$</set> </drilldown> </table> The values for SERVICE_INPUT , SERVICE_OUTPUT will be quite huge and hence I am shortening the length of these values to be displayed on the results table. However, I have a drilldown beneath the main search results table, upon clicking a particular row, the complete XML message for SERVICE_INPUT and SERVICE_OUTPUT is being printed with the help of $row.SIP$ and $row.SOP$ values captured through the tokens. Now, I want to export the search results into a CSV with the entire row ie Untrimmed SERVICE_INPUT and SERVICE_OUTPUT. I want these columns to be exported to the CSV, "TIME_STAMP", TIME_SPENT, SERVICE_NAME, SUCCESS_STATE, DOCUMENT_ID, SERVICE_INPUT , SERVICE_OUTPUT , TRANSACTION_TYPE, MACHINE_NAME". Also I want to omit SIP and SOP values as they will be redundant for each row. In short, I need the untrimmed SERVICE_INPUT and SERVICE_OUTPUT to be exported by leaving out SIP and SOP from the export.csv file. How do I go about doing this? Any help will he highly appreciated. Thanks and Regards, Sabari Nathan Krishnan ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM