Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About eholz1
eholz1
Contributor
Member since:
03-25-2019
04-01-2023
Community Statistics
| Posts | 123 |
| Solutions | 2 |
| Karma Given | 43 |
| Karma Received | 3 |
| Member Since | 03-25-2019 |
Activity Feed
- Posted Re: Navigate from dashboard in one app to another dashboard on Dashboards & Visualizations. 04-01-2023 10:05 AM
- Karma Re: A link to another apps in navigation menu for MuS. 04-01-2023 10:04 AM
- Posted Re: Navigate from dashboard in one app to another dashboard on Dashboards & Visualizations. 04-01-2023 08:53 AM
- Karma Re: Navigate from dashboard in one app to another dashboard for gcusello. 04-01-2023 08:21 AM
- Posted Navigate from dashboard in one app to another dashboard on Dashboards & Visualizations. 03-31-2023 03:02 PM
- Karma Re: restore a default file that is failing integrity check for richgalloway. 03-27-2023 03:35 PM
- Posted How to add padding between trellis single value blocks? on Dashboards & Visualizations. 03-22-2023 12:19 PM
- Posted Re: Single Value, trellis, and search on Dashboards & Visualizations. 03-17-2023 09:41 AM
- Karma Re: Single Value, trellis, and search for yeahnah. 03-17-2023 09:40 AM
- Posted Re: Single Value, trellis, and search on Dashboards & Visualizations. 03-16-2023 03:19 PM
- Posted Re: Single Value, trellis, and search on Dashboards & Visualizations. 03-16-2023 01:52 PM
- Karma Re: Single Value, trellis, and search for yeahnah. 03-16-2023 01:52 PM
- Posted Is there some way to put all three stats commands in the same search, and maybe the trellis can get each calculation? on Dashboards & Visualizations. 03-16-2023 01:18 PM
- Posted Is there a way to create a Squid proxy visualization using a single value viz? on All Apps and Add-ons. 03-08-2023 09:37 AM
- Tagged Is there a way to create a Squid proxy visualization using a single value viz? on All Apps and Add-ons. 03-08-2023 09:37 AM
- Posted Re: Use css or html style tags in splunk status indicator on Dashboards & Visualizations. 03-06-2023 07:55 AM
- Karma Re: Use css or html style tags in splunk status indicator for tscroggins. 03-06-2023 07:54 AM
- Posted Using css or html style tags in Splunk status indicator? on Dashboards & Visualizations. 03-03-2023 03:10 PM
- Posted Re: Squid Proxy bytes_in,bytes_out, and bytes- Can we use this app to determine the bandwidth for a given time? on All Apps and Add-ons. 03-01-2023 09:04 AM
- Karma Re: Squid Proxy bytes_in,bytes_out, and bytes- Can we use this app to determine the bandwidth for a given time? for ITWhisperer. 03-01-2023 09:00 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
04-01-2023
10:05 AM
got it at last, from another post, use <a href tags, thanks all, eholz1
... View more
04-01-2023
08:53 AM
Hello gcusello, thanks for the reply, I tried this, but I cannot link from the "Cisco TA" dashboard to my other app/dashboard. Does the dashboard need to be global? eholz1
... View more
03-31-2023
03:02 PM
Hello All, Is it possible to edit the default navigation menu for one app, to show a dashboard in a different app? Or, is the navigation menu only possible within an app? thanks, eholz1
... View more
Labels
- Labels:
-
dashboard
03-22-2023
12:19 PM
Hello Splunkers,
Is there a way to add padding or control white space between the single value blocks in the
aggregated fields? i.e I have three blocks created in single-value using the trellis viz. This creates three nice blocks, but I would like to increase the white space between them if possible.
Or use 3 separate single value viz, and space them with padding, etc.
thank you for a great resource,
eholz
... View more
- Tags:
- trellis
Labels
- Labels:
-
panel
-
trellis layout
03-17-2023
09:41 AM
Wow, Thanks again for the input. I appreciate it. I will review, and figure out what would be nice to use. thanks for taking the time to do this. eholz1
... View more
03-16-2023
03:19 PM
One more queston, this works great. Is there a way I can set a static color based on the "title" of the trellis viz? i.e. In_gb is green, Out_gb is blue, etc. Thanks again for an excellent solution. I would like to have a different color for each result (in block mode) thanks again, eholz1
... View more
03-16-2023
01:52 PM
Wow thanks for fast reply, I will try it out, thanks again, eholz1
... View more
03-16-2023
01:18 PM
Hello all,
I have three individual searches for a single value viz. the value for each viz is a sum of a field.
I have bytes, bytes_in, and bytes_out. Each search is | stats sum(bytes) as Total, sum(bytes_in) as In, and sum(bytes_out) as Out
So 3 searches for each field, and a single value viz for each field. I have looked at the trellis viz, but it is not much help. My actual spl is using the same formula for each field: index=squid | stats sum(bytes_in) as TotalBytes | eval gigabytes=TotalBytes/1024/1024/1024 | rename gigabytes as "Bytes In" | table "Bytes In"
Is there some way to put all three stats commands in the same search, and maybe the trellis can get each calculation? I looked at trying to put each single value in a table 3 column by one row, etc
How can this be accomplished.
Thanks again,
eholz1
... View more
- Tags:
- xml
Labels
- Labels:
-
dashboard
03-08-2023
09:37 AM
Hello Members,
This is a great source of information and help. I am using the Splunk Add on for Squid Proxy.
I am getting data from the squid access log in the recommended splunk format. The dashboard that comes
with the install is find.
I am creating another dashboard based on that dashboard. I am monitoring bytes_in, bytes_out, and bytes.
It seems that the Splunk search for bytes is the total of bytes_in and bytes_out.
I am using a search that returns the sum of bytes_out using | status sum(bytes_out) for all src_ips. like this:
index=squid
| stats sum(bytes_out) as TotalBytes
| eval gigabytes=TotalBytes/1024/1024/1024
| table gigabytes
I do the same thing for "bytes" Is there some way I can create a visualization, using a single value viz,
so I can show bytes per time? Like x bytes / hour, maybe even one of those gauges? I would like to use a time picker with this as well - or a selectable span, etc Would the "timechart" allow me to do this?
Thanks so much,
eholz1
... View more
- Tags:
- dashboard
Labels
- Labels:
-
configuration
03-06-2023
07:55 AM
This is excellent, thanks so much. Great forum!!
... View more
03-03-2023
03:10 PM
Hello Is it possible to style the status_indicator.status_indicator_app in a manner like we can for the
"single value" chart? Can code similar to this be used?
<html> <style> #test { font-size: 18px !important; font-weight: bold !important; font-color: red; } .single-value .single-result { font-size: 30px !important; } </style> </html>
Thanks,
eholz1
... View more
Labels
- Labels:
-
dashboard
03-01-2023
09:04 AM
Thanks for the reply, I see there is quite a lot of things that can be searched. I also see time is a factor as well. I would like to be able to check, for a specific src_ip, assuming the user is doing a download - to sum the process, bytes_in, I would guess, and TCP breaks the total download into smaller pieces, etc. So I should be able to get the time of the download, and the total amount of bytes downloaded. Does that make sense, Thanks again, eholz1
... View more
02-28-2023
03:00 PM
Hello Splunk Experts,
I am using the Squid Proxy dashboard, and the TA squid plugin, etc. Works well.
I notice the dashboard uses the "sourcetype=squid" to gather data. On the splunk documentation for the proxy, the site suggests using the "squid:access;recommended" for the Squid Proxy TA plugin.
I have modified the inputs.conf file on my forwarder to use index=squid, and sourcetype=sqid, but
I have the squid.conf file using the splunk recommended log format - everything works.
My question is could we use this app to determine the bandwidth for a given time frame?
I see values: bytes, bytes_in (mostly = 181 for many events), and bytes_out.
Can any of these values provide information on total bandwidth or usages?
thanks,
eholz1
... View more
- Tags:
- squid
Labels
- Labels:
-
dashboard
02-17-2023
07:30 AM
Hello nyc_jason, Kudos all around. Thank you for taking the time to reply to my question. For once I learned more about Splunk and the ART of search stings and SPL You both gave me a mini-lesson in searching. Thanks, eholz1
... View more
02-17-2023
07:27 AM
1 Karma
Hello richgalloway, Thanks again for the response, an excellent search term. I wish I had thought of using tstats. Thanks again eholz1
... View more
02-14-2023
11:45 AM
Hello All,
I am using the Splunk Cisco TA plugin to get all kinds of data from the cisco devices reporting to splunk. I am sending the cisco logs direct from the cisco host to splunk. Is there a way to get the host only out of a search?, I mean without the events per host. Just the deduped hosts using "sourcetype="cisco:ios" in the search field for a given time span (24hrs, 30 days, etc). it would be nice to get the accurate count of hosts sending data to the indexer.
thanks,
Eholz`
... View more
Labels
- Labels:
-
search
01-24-2023
08:12 AM
Hello manjunathmeti Thanks for the reply. In our case we want to use the cisco TA Network plugin. We are monitoring only logs from cisco devices which do not have UF capability. But, I will consider your suggestion. The NON-root user cannot access any port below 1024 thanks to security features in Splunk and newer Linux distributions. I will look at the links you provided, to double check. But the base problem is: If we want to send logs direct from the cisco device (routers and switches) the logging feature on the ios on these devices ONLY allows the use of port 514 to send data to splunk. The whole idea here is to leverage the Splunk Cisco TA plugin to search and organized data. Thanks, eholz1
... View more
01-24-2023
08:03 AM
Hello PickleRick, Thanks for the reply. In our case we want to use the cisco TA Network plugin. We are monitoring only logs from cisco devices which do not have UF capability. But, I will consider your suggestion. The NON-root user cannot access any port below 1024 thanks to security features in Splunk and newer Linux distributions. I will look at reading Cisco logs being sent to our syslog server, reading the cisco logs, perhaps over tcp and using custom outputs.conf on the UF, and custom inputs.conf on the indexer and setting sourcetype to cisco:ios, etc. Thanks, eholz1 -
... View more
01-23-2023
03:08 PM
Hello All,
I am running Splunk 9.0.2 on Oracle 8.6. We monitor Cisco devices.
These devices require using port 514 to forward their syslogs to splunk.
We are running splunk as a non-root user. How can we configure Splunk to allow access to port 514?
eholz1
... View more
Labels
- Labels:
-
universal forwarder
01-18-2023
08:18 AM
The links you provided in your "tip" are excellent!! Thanks!! And it is really easy to format dates in a DB Studio table using the "format column" feature. Thanks for the tip, eholz1
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-01-2023
10:09 AM
|
