Activity Feed
- Posted Combine timechart and geostats on Dashboards & Visualizations. 09-01-2020 08:48 AM
- Tagged Combine timechart and geostats on Dashboards & Visualizations. 09-01-2020 08:48 AM
- Tagged Combine timechart and geostats on Dashboards & Visualizations. 09-01-2020 08:48 AM
- Tagged Combine timechart and geostats on Dashboards & Visualizations. 09-01-2020 08:48 AM
- Got Karma for Re: How can I control a Radial Guage's range values with result values?. 06-05-2020 12:48 AM
- Got Karma for How to reference a dashboard token in an HTML panel?. 06-05-2020 12:48 AM
- Karma Re: How can I get a running total of distinct users over time? for Stephen_Sorkin. 06-05-2020 12:45 AM
- Posted Re: How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-18-2016 12:33 PM
- Posted Re: How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-18-2016 12:27 PM
- Posted Re: How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-18-2016 12:04 PM
- Posted Re: How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-18-2016 12:04 PM
- Posted Re: How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-18-2016 10:21 AM
- Posted Re: How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-18-2016 05:48 AM
- Posted Re: How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-17-2016 04:41 PM
- Posted How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-17-2016 02:03 PM
- Tagged How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-17-2016 02:03 PM
- Tagged How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-17-2016 02:03 PM
- Tagged How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-17-2016 02:03 PM
- Tagged How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-17-2016 02:03 PM
- Tagged How to reference a dashboard token in an HTML panel? on Dashboards & Visualizations. 10-17-2016 02:03 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 |
09-01-2020
08:48 AM
When visualizing results on a map (presumably using geostats, but maybe there's something else?) is there a way to get a small line or area chart instead of a pie chart? Basically I have a bunch of requests over the past week or month then using iplocation to find where they are coming from. I want to see if there are places with a significantly different number of requests (preferably by http_response_status) one day from the next. Even more basically, did we get 10K requests from (for example) St. Louis yesterday when over the past week we usually get 500? Did we get 4K 401's from Buffalo when usually they're 3K 200's. I've tried combining iplocation, geostats, timechart, "bin + chart by _time", etc. in various ways and can't get the data to make sense. Much less to visualize it like I want. | iplocation ip | bin _time span=1d | stats count by _time, lat, lon, http_response_status Maybe this is two questions. 1) How to format the data and 2) Can/how to visualize it. Thank you!
... View more
Labels
- Labels:
-
timechart
10-18-2016
12:33 PM
It looks like between 6.4.0 and 6.5.0 there were some changes to the search options in the Simple XML. Apparently it's important to be looking at docs for the correct version.
<done> text Execute actions based on finished search events.
<preview> text Preview of search results. Includes job properties and first result row.
Thank you so much!
... View more
10-18-2016
12:27 PM
It works! You rock!
... View more
10-18-2016
12:04 PM
Not sure if it's relevant, but I can see the value switch from $MyHost$ to $result.host$.
... View more
10-18-2016
12:04 PM
<condition match="'job.isDone'"=1> was a syntax error, but when I changed it to <condition match="'job.isDone'=1"> (with the =1 inside the quotes) it stayed as $MyHost$.
... View more
10-18-2016
10:21 AM
That's pretty similar to somesoni2's suggestion to use instead of
Using <progress><condition> I now get Host: $result.host$ .
<search>
<query>| metadata type=hosts | head 1</query>
<earliest>-60m</earliest>
<latest>now</latest>
<progress>
<condition match="'job.isDone'">
<set token="MyHost">$result.host$</set>
</condition>
</progress>
</search>
... View more
10-18-2016
05:48 AM
Yep, I'm using result now, not results. I copy/pasted your example (I don't have access to _internal so I changed it to index=*).
At work we have version 6.4.0 and at home I have 6.5.0 (both Enterprise) but I wouldn't think that would matter with something this basic.
... View more
10-17-2016
04:41 PM
Hm... same result on Splunk at work. Works perfect at home.
... View more
10-17-2016
02:03 PM
1 Karma
I regularly get requests for some data that I get from several searches. The people requesting it like it formatted just so, so instead of manually formatting it each time I'd like to have my searches in a dashboard with all the needed data being sent to an html panel so I can format it correctly.
Can someone please help direct me to what I'm doing wrong? I've tried changing the table to a single value and tried various ways to set the token.
Run anywhere:
<dashboard>
<label>test</label>
<row>
<panel>
<table>
<search>
<query>| metadata type=hosts | head 1</query>
<earliest>-60m</earliest>
<latest>now</latest>
<condition match="'job.isDone'">
<set token="MyHost">$results.host$</set>
</condition>
</search>
</table>
</panel>
<panel>
<html>
<p>Host: $MyHost$</p>
</html>
</panel>
</row>
</dashboard>
I get back:
firstTime host lastTime recentTime totalCount type
1476644722 myHostName 1476736882 1476736882 154103 hosts
and Host: $MyHost$ instead of Host: myHostName
Thank you!
... View more
10-10-2016
11:40 AM
1 Karma
I see the doc for it now. https://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Gauge
... View more
10-10-2016
11:38 AM
Huzzah! That works! Thank you!
... View more
10-10-2016
10:27 AM
That changed my result from Recent, High, Low to x, y1, y2 but the gauge looks the same.
Interestingly, the gauge first displayed it looked (almost) right...for a second. And then flashed back to the defaults.
... View more
10-10-2016
08:42 AM
I would like to see if something (ie, number of transactions/hour) is within an expected range. I have a search that returns a single row with the fields Recent, High, Low.
I am trying to visualize this with a Radial Gauge, but am having trouble getting the range values set correctly.
<chart>
<search>
<query>... | fields Recent, High, Low</query>
<done>
<set token="lowThreshold">$result.Low$</set>
<set token="highThreshold">($result.High$</set>
<set token="max">eval(round(result.High$ * 1.2), 0)</set>
</done>
</search>
<option name="charting.chart">radialGauge</option>
<option name="charting.chart.style">minimal</option>
<option name="charting.chart.rangeValues">[0,$lowThreshold$,$highThreshold$,$max$]</option>
<option name="charting.gaugeColors">["0xBF3030","0x7e9f44","0xBF3030"]</option>
</chart>
This keeps ignoring the token settings and using the defaults of 0, 30, 70, 100. What do I need to change to use my ranges instead of the default ones?
Thank you!
... View more
