I have a column chart in classic dashboard (xml) using this SPL index=nms-log-idx sourcetype="sea-nms-log" ("ERROR" OR "WARNING") | eval severity=case(searchmatch("ERROR"), "ERRORS", searchmatch("WARNING"), "WARNINGS") | stats count by severity   I want the color red for errors, and a color like yellow or orage, etc for warnings. This line does not wrok, it applies the color specified in "count" to both columns. <option name="charting.fieldColors">{"ERRORS": 0xFF0000, "WARNINGS": 0xFF9900, "count": 0x009900}</option> What am I missing?  Thanks for the support, eholz1 ... View more

Hello Members! I have been attempting to get search results using the splunk-sdk for node.js. I am using version 24. of node. I have and can use the Python splunk-sdk without issue, works well! I have been having no joy with the node.js splunk-sdk. I can easily create a search in node, lgin in to splunk via the sdk, and return a sid - no problem there. But, I want to get the results of the search using the retreived sid. So far, even with AI and internet help, I have  been unable to get the results . I always get "unhandled errors" - I have tried using an "async myFunc()" etc, no dice.  My goal here is to: have a function that gets a sid, and then another function that using the side to get search results. My over all plan is this: Get a webhook POST from a Splunk alert, get the sid from the payload, use this sid to perform a GET request to return results.  I am using a "server" created by node.js. The whold process above works fine with Python and Flask. I want to have persistent data on my "web page", so it is my understaning that JavaScript/Node has more "capability". Also I do have "express" installed in my node environment. It is my understanding that using "promisify" is deprecated - I have not got that to work either.  Whata am I missing in terms of getting search results using the splunk-sdk for node? Thanks So Much, eholz1 - frustrated! ... View more

Hello All, Thanks for the help this forum provides. I have a table in dashboard studio. I can set the backgrould color for the header. I would like to be able to change the color of the text in the table header without using the dark mode which sets text color in the header to white (and the table rows too). I would like to have the text color in my  header to be white (or some other color) when the dashboard is set to the "light mode". It there a way to do this? Thanks, Eholz1 ... View more

Hello Splunkers! I am using HEC to send an html file to splunk. The received event contains the html lines of code. The html is a table with some data, and forms a table with the data. Is there a way, or how can I create a dashboard from the html text that shows the table?  Maybe another way to say this is: How can I extract the html code from the hec event, and display same on a dashboard?   Thank You So Much, E Holz   ... View more

Hello All, Perhaps I have the 64K $ question. I am trying to understand (better) the IOWAIT warnings and errors. The yellow and red icons, etc.  I know that IOWAIT can be an issue, and only on Linux based servers. I will guess that running Splunk Enterprise on a virtual linux machine makes things harder. I have revised the Health Report Managaer settings per a Splunk forum posting, and the issue is resolved for the most part. I can run an "unreasonable"  search and get the warining icon, and then as the search progresses, the red error icon. I have run some linux commands like iostat,  and iotop while the search is running but do not see any useful data. I am just curious how Splunk determines the IOWAIT values as part of the health monitoring. I was also wondering if I reset the healh repoting values back to the default, how I might go about reducing the "IOWAIT" characteristic on the Splunk server. Thanks for any hints or tips ewholz ... View more