06-27-2016
01:08 PM
Thank you for getting back to me, and I apologize for replying to this thread so late.
I'll start working on setting that up, but as an alternative, is there any way for this xml to work:
<row>
<panel>
<input type="multiselect" token="testtoka">
<label>select index</label>
<default>*amx*</default>
<choice value="*amx*">All</choice>
<choice value="amx3_cthamp">cthamp</choice>
<choice value="amx_authamp">authamp</choice>
<choice value="amx_bosmarbal">bosmarbal</choice>
<choice value="amx_cdac">cdac</choice>
<choice value="amx_institution">institution</choice>
<choice value="amx_uam">uam</choice>
<choice value="app_amx">app_amx</choice>
<prefix>(</prefix>
<suffix>)</suffix>
<valuePrefix>index="</valuePrefix>
<valueSuffix>"</valueSuffix>
<delimiter> OR </delimiter>
</input>
<input type="dropdown" token="testtokb">
<label>Hosts</label>
<prefix>host="</prefix>
<suffix>"</suffix>
<default>*</default>
<!--Define the default value -->
<choice value="*">All</choice>
<!-- Define the choices with a populating search-->
<populatingSearch fieldForValue="testtokb" fielForLabel="testtokb">
<![CDATA[index="$testtoka$" | stats count by host]]>
</populatingSearch>
</input>
<table>
<title>test</title>
<search>
<query>host=$testtokb$ source=* "error"| rex "(?<error>)"| rex "\d+\-\d+\-\d+\s+\d+\:\d+\:\d+\,\d+\s+(?<error>.*)"| table _time index host source error</query>
<earliest>$timetok1.earliest$</earliest>
<latest>$timetok1.latest$</latest>
</search>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="drilldown">row</option>
</table>
I tried setting this up so the index in the multi-select will populate the dropdown. However, when I select an index, the dropdown just says "Search produced no results."
Any thoughts?
06-21-2016
11:14 AM
I'm trying to set up a dashboard that will allow a user to see the stats of the hosts they select. What I would like to do is make it so the user will select an input, or multiple inputs, via multiselect, and that choice will determine what hosts appear in a second multiselect. For example, say I select the cthamp index in the first input. Then in the second input, I should see a choice of prdctlvamx306.clientsys.local, prdctlvamx307.clientsys.local, and so on and so forth. I have the index multiselect set up, but I don't know how to even begin setting up the host multiselect. Here is my xml:
<form>
<label>AMX Version 2</label>
<description>Experiment in dashboard search capabilities, designed to give the user more control over what they see in a dashboard.</description>
<fieldset submitButton="false">
<input type="time" token="timetok1">
<label>Select a time range.</label>
<default>
<earliest>-15m@m</earliest>
<latest>now</latest>
</default>
</input>
<input type="multiselect" token="indextok" searchWhenChanged="true">
<label>Select one or more indexes.</label>
<default>*amx*</default>
<choice value="*amx*">All</choice>
<choice value="amx3_cthamp">cthamp</choice>
<choice value="amx_authamp">authamp</choice>
<choice value="amx_bosmarbal">bosmarbal</choice>
<choice value="amx_cdac">cdac</choice>
<choice value="amx_institution">institution</choice>
<choice value="amx_uam">uam</choice>
<choice value="app_amx">app_amx</choice>
<prefix>(</prefix>
<suffix>)</suffix>
<valuePrefix>index="</valuePrefix>
<valueSuffix>"</valueSuffix>
<delimiter> OR </delimiter>
</input>
<input type="multiselect" token="hosttok1">
<label>Select target hosts.</label>
<change>
<condition label="cthamp">
<set choice="prdctlvamx306.clientsys.local">prdctlvamx306.clientsys.local</set>
</condition>
</change>
</input>
</fieldset>
<row>
<panel>
<table>
<search>
<query>index=*amx*| stats count by index</query>
<earliest>-15m</earliest>
<latest>now</latest>
</search>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>Error Table</title>
<search>
<query>$indextok$ host=* source=* "error"| rex "(?<error>)"| rex "\d+\-\d+\-\d+\s+\d+\:\d+\:\d+\,\d+\s+(?<error>.*)"| table _time index host source error</query>
<earliest>$timetok1.earliest$</earliest>
<latest>$timetok1.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
</row>
</form>
06-10-2016
08:47 AM
I found a simple workaround.
The text box was looking for the exact string, the whole error string. All I had to do was put wildcards on each side of the word I type in.
06-08-2016
08:56 AM
This is the table I see. I couldn't post this image into the comments.
06-07-2016
10:48 AM
Still nothing.
Here's the rest of the source code, if it helps at all.
<panel>
<input type="time" token="timetok1">
<label>Select a time range.</label>
<default>
<earliest>-15m@m</earliest>
<latest>now</latest>
</default>
</input>
<input type="dropdown" token="hosttok1">
<label>Select a host.</label>
<default>prdctlsstrstp*</default>
<choice value="prdctlsstrstp*">All</choice>
<choice value="prdctlsstrstp09">prdctlsstrstp09</choice>
<choice value="prdctlsstrstp10">prdctlsstrstp10</choice>
<choice value="prdctlsstrstp11">prdctlsstrstp11</choice>
<choice value="prdctlsstrstp12">prdctlsstrstp12</choice>
<choice value="prdctlsstrstp13">prdctlsstrstp13</choice>
<choice value="prdctlsstrstp14">prdctlsstrstp14</choice>
<choice value="prdctlsstrstp15">prdctlsstrstp15</choice>
<choice value="prdctlsstrstp16">prdctlsstrstp16</choice>
<choice value="prdctlsstrstp17">prdctlsstrstp17</choice>
<choice value="prdctlsstrstp18">prdctlsstrstp18</choice>
<choice value="prdctlsstrstp19">prdctlsstrstp19</choice>
<choice value="prdctlsstrstp20">prdctlsstrstp20</choice>
<choice value="prdctlsstrstp21">prdctlsstrstp21</choice>
<choice value="prdctlsstrstp22">prdctlsstrstp22</choice>
<choice value="prdctlsstrstp23">prdctlsstrstp23</choice>
<choice value="prdctlsstrstp24">prdctlsstrstp24</choice>
<choice value="prdctlsstrstp25">prdctlsstrstp25</choice>
<choice value="prdctlsstrstp26">prdctlsstrstp26</choice>
<choice value="prdctlsstrstp27">prdctlsstrstp27</choice>
<choice value="prdctlsstrstp28">prdctlsstrstp28</choice>
<choice value="prdctlsstrstp29">prdctlsstrstp29</choice>
<choice value="prdctlsstrstp30">prdctlsstrstp30</choice>
</input>
<input type="dropdown" token="sourcetok1">
<label>Select a directory</label>
<default>/app/qp/streamerserver/logs/streaming*</default>
<choice value="/app/qp/streamerserver/logs/streaming*">All</choice>
<choice value="/app/qp/streamerserver/logs/streaming/1/nohup.out">/app/qp/streamerserver/logs/streaming/1/nohup.out</choice>
<choice value="/app/qp/streamerserver/logs/streaming/2/nohup.out">/app/qp/streamerserver/logs/streaming/2/nohup.out</choice>
<choice value="/app/qp/streamerserver/logs/streaming/3/nohup.out">/app/qp/streamerserver/logs/streaming/3/nohup.out</choice>
<choice value="/app/qp/streamerserver/logs/streaming/4/nohup.out">/app/qp/streamerserver/logs/streaming/4/nohup.out</choice>
</input>
<input type="text" token="texttok1">
<label>Enter an error.</label>
<default>*</default>
</input>
<table>
<search>
<query>host=$hosttok1$ "ERROR" sourcetype=streamer_nohup source=$sourcetok1$| regex _raw!="WARN"| rex "(?<error>\w{5}\s+.{100})"| table _time host source error| search error="$texttok1$"</query>
<earliest>$timetok1.earliest$</earliest>
<latest>$timetok1.latest$</latest>
</search>
<option name="wrap">false</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
</panel>
<panel>
06-07-2016
10:37 AM
I'm making a table that reports the error events on servers. I was able to make this work fine, allowing it to show the error string, the host and directory it occurred on, and the time it occurred. Now, I would like to make it so the user can type in keywords in a text field and the table will only show the events that have these words. When I tried to do this, however, the table returned "No results found." For example, I can have the text input set to the default * and it will show the errors fine, but if I type in "ERROR," which all the events have, it will give me no results found.
Here is the string I am using:
host=$hosttok1$ "ERROR" sourcetype=streamer_nohup source=$sourcetok1$| regex _raw!="WARN"| rex "(?<error>\w{5}\s+.{100})"| table _time host source error| search error=$texttok1$
This is based on a previous table I made that shows IP address and allows you to seek specific IP addresses:
index=qp_mds sourcetype=mds_perf host=$hosttok1$| rex "(?<IP>\d+\.\d+\.\d+\.\d+)" | table _time host IP| search IP=$texttok1$
Note that the IP table works exactly as intended.
06-06-2016
10:38 AM
No, that didn't work. Now the table just shows up blank.
06-06-2016
10:24 AM
Hi,
I'm sure this is very simple, but I'm fairly new to regex and rex.
I'm trying to use rex to extract a string from the event logs, and then show that string in a table.
Here is a sample event:
"2016-06-06 12:14:11,114 [RMI TCP Connection(453679)-10.128.110.184]- Remote invocation of " and here would be specifics.
Using the field extractor, I came up with the following:
rex field=_raw "(?ms)^(?:[^ \\n]* ){5}(?P<Remote_Invocation>\\w+\\s+\\w+\\s+)"
This allowed me to use the following search to table it:
index=qp_mds source="/app/logdata/logs/marketdata/performance.log"| rex field=_raw "(?ms)^(?:[^ \\n]* ){5}(?P<Remote_Invocation>\\w+\\s+\\w+\\s+)"| Table Remote_Invocation
However, all my table shows is Remote Invocation where the event should be. I can get the string if I table _raw, but it gives me the whole string, whereas I only want what is after Remote invocation. Any help would be greatly appreciated.
Thank you.
05-26-2016
12:51 PM
As a normal user, is there any way for me to use:
ps -aux| grep httpd| wc -l
in Splunk's search bar? I'm trying to get a line count on logs through it.
05-12-2016
12:21 PM
Well that was simple. Thank you so much!
Here's the xml code for reference.
Processes logged on prdctlvapigee01 in set time period
Enter PID. Then click the blank space next to the text box.
*
Reports the processes and their PIDs reported in the Splunk logs in the time you set, for prdctlvapigee01
host=prdctlvapigee01 pid=$txtPID_tok1$ source=ps| stats count by pid process
$timetok2.earliest$
$timetok2.latest$
true
false
none
cell
10
05-12-2016
10:55 AM
When I try that, I get a syntax error: Cannot find object mapper for panel type: default
Here is what I wrote:
<row>
<panel>
<title>Processes logged on prdctlvapigee01 in set time period</title>
<input type="text" token="txtPID_tok"></input>
<default>*</default>
<table>
<title>Reports the processes and their PIDs reported in the Splunk logs in the time you set, for prdctlvapigee01</title>
<search>
<query>host=prdctlvapigee01 pid=$txtPID_tok$ source=ps| stats count by pid process</query>
05-12-2016
09:24 AM
This is probably simple, but how can I use the text input in a form to narrow down my results? I'm building a form that monitors the space used and the processes running on several servers. I would like to make it so the user can type in the PID to find the process they want. I'd also like to be able to search by name, if possible, but the PID takes precedence.
Here is my xml code. The tables I want to filter are the "Processes logged on" tables. Process is the name of the process.
<form>
<label>Apigee Servers: Disk Space, Memory, and Performance</label>
<fieldset submitButton="false">
<input type="time" token="timetok">
<label>Sets Time Range for Percent Space Used Charts</label>
<default>
<earliest>-1d@d</earliest>
<latest>now</latest>
</default>
</input>
<input type="time" token="timetok2">
<label>Sets Time Range for Process Tables</label>
<default>
<earliest>-15min@min</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<title>prdctlvapigee01 PercentUsedSpace</title>
<chart>
<title>Tracks the PercentUsedSpace on prdctlvapigee01</title>
<search>
<query>host=prdctlvapigee01 source=df MountedOn="/app"| timechart latest(PercentUsedSpace) as PercentUsedSpace</query>
<earliest>$timetok.earliest$</earliest>
<latest>$timetok.latest$</latest>
</search>
<option name="charting.legend.placement">right</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.drilldown">all</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart">line</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisY.maximumNumber">100</option>
<option name="charting.axisY.minimumNumber">0</option>
</chart>
</panel>
<panel>
<title>prdctlvapigee02 PercentUsedSpace since midnight</title>
<chart>
<title>Tracks the PercentUsedSpace on prdctlvapigee02</title>
<search>
<query>host=prdctlvapigee02 MountedOn="/app"| timechart latest(PercentUsedSpace) as PercentUsedSpace</query>
<earliest>$timetok.earliest$</earliest>
<latest>$timetok.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisY.maximumNumber">100</option>
<option name="charting.axisY.minimumNumber">0</option>
</chart>
</panel>
<panel>
<title>prdctlvapigee03 PercentUsedSpace since midnight</title>
<chart>
<title>Tracks the PercentUsedSpace on prdctlvapigee03</title>
<search>
<query>host=prdctlvapigee03 MountedOn="/app"| timechart latest(PercentUsedSpace) as PercentUsedSpace</query>
<earliest>$timetok.earliest$</earliest>
<latest>$timetok.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisY.maximumNumber">100</option>
<option name="charting.axisY.minimumNumber">0</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>prdctlvapigee04 /app/pgdata PercentUsedSpace since midnight</title>
<chart>
<title>Tracks the PercentUsedSpace on prdctlvapigee04</title>
<search>
<query>host=prdctlvapigee04 MountedOn="/app/pgdata"| timechart latest(PercentUsedSpace) as PercentUsedSpace</query>
<earliest>$timetok.earliest$</earliest>
<latest>$timetok.latest$</latest>
</search>
<option name="charting.legend.placement">right</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.drilldown">all</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart">line</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsY.majorUnit">1</option>
<option name="charting.axisY.maximumNumber">100</option>
<option name="charting.axisY.minimumNumber">0</option>
</chart>
</panel>
<panel>
<title>prdctlvapigee05 /app/pgdata PercentUsedSpace since midnight</title>
<chart>
<title>Tracks the PercentUsedSpace on prdctlvapigee05</title>
<search>
<query>host=prdctlvapigee05 MountedOn="/app/pgdata"| timechart latest(PercentUsedSpace) as PercentUsedSpace</query>
<earliest>$timetok.earliest$</earliest>
<latest>$timetok.latest$</latest>
</search>
<option name="charting.chart">line</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="charting.axisY.maximumNumber">100</option>
<option name="charting.axisY.minimumNumber">0</option>
<option name="charting.axisLabelsY.majorUnit">1</option>
</chart>
</panel>
</row>
<row>
<panel>
<title>Processes logged on prdctlvapigee01 in set time period</title>
<input type="text" token="field1"></input>
<table>
<title>Reports the processes and their PIDs reported in the Splunk logs in the time you set, for prdctlvapigee01</title>
<search>
<query>host=prdctlvapigee01 pid="*" source=ps| stats count by pid process</query>
<earliest>$timetok2.earliest$</earliest>
<latest>$timetok2.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
<option name="count">10</option>
</table>
</panel>
<panel>
<title>Processes logged on prdctlvapigee02 in set time period</title>
<input type="text" token="field2"></input>
<table>
<title>Reports the processes and their PIDs reported in the Splunk logs in the time you set, for prdctlvapigee02</title>
<search>
<query>host=prdctlvapigee02 pid="*" source=ps| stats count by pid process</query>
<earliest>$timetok2.earliest$</earliest>
<latest>$timetok2.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Processes logged on prdctlvapigee03 in set time period</title>
<input type="text" token="field3"></input>
<table>
<title>Reports the processes and their PIDs reported in the Splunk logs in the time you set, for prdctlvapigee03</title>
<search>
<query>host=prdctlvapigee03 pid="*" source=ps| stats count by pid process</query>
<earliest>$timetok2.earliest$</earliest>
<latest>$timetok2.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
<panel>
<title>Processes logged on prdctlvapigee04 in set time period</title>
<input type="text" token="field4"></input>
<table>
<title>Reports the processes and their PIDs reported in the Splunk logs in the time you set, for prdctlvapigee04</title>
<search>
<query>host=prdctlvapigee04 pid="*" source=ps| stats count by pid process</query>
<earliest>$timetok2.earliest$</earliest>
<latest>$timetok2.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel>
<title>Processes logged on prdctlvapigee05 in set time period</title>
<input type="text" token="field5"></input>
<table>
<title>Reports the processes and their PIDs reported in the Splunk logs in the time you set, for prdctlvapigee05</title>
<search>
<query>host=prdctlvapigee05 pid="*" source=ps| stats count by pid process</query>
<earliest>$timetok2.earliest$</earliest>
<latest>$timetok2.latest$</latest>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
</row>
</form>
05-12-2016
06:45 AM
That doesn't work. It just says "Search is waiting for input."
Here is the xml I'm working with:
<form>
<label>Test Form for Sorting</label>
<row>
<panel>
<input type="text" token="toplimit"></input>
<table>
<search>
<query>index=* host="prd-p-242xf4n33bzp"| head 10000|top customer_name limit=$toplimit$</query>
<earliest>-15</earliest>
<latest>now</latest>
</search>
<option name="charting.legend.placement">right</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.drilldown">all</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart">bar</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">cell</option>
</table>
</panel>
</row>
</form>
05-11-2016
05:21 AM
Is there a general way for me to use the text input in a form to filter it down to the top users, depending on the number I enter in the text?