Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About isplunk2999
isplunk2999
Path Finder
Member since:
04-30-2019
06-05-2020
Community Statistics
| Posts | 18 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 04-30-2019 |
Activity Feed
- Got Karma for how to extract a change_link from _raw depending on the datapoint a user click on in a line graph?. 06-05-2020 12:50 AM
- Posted Re: how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-22-2019 03:45 PM
- Posted Re: how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-15-2019 11:13 AM
- Posted how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-13-2019 12:02 PM
- Tagged how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-13-2019 12:02 PM
- Tagged how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-13-2019 12:02 PM
- Tagged how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-13-2019 12:02 PM
- Tagged how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-13-2019 12:02 PM
- Tagged how to extract a change_link from _raw depending on the datapoint a user click on in a line graph? on Dashboards & Visualizations. 05-13-2019 12:02 PM
- Posted Re: How to redirect to a URL when clicked on the circle marker on Dashboards & Visualizations. 05-05-2019 04:07 PM
- Posted Re: How to redirect to a URL when clicked on the circle marker on Dashboards & Visualizations. 05-05-2019 12:24 PM
- Posted Re: How to redirect to a URL when clicked on the circle marker on Dashboards & Visualizations. 05-05-2019 10:19 AM
- Posted Re: How to redirect to a URL when clicked on the circle marker on Dashboards & Visualizations. 05-05-2019 09:55 AM
- Posted Re: How to redirect to a URL when clicked on the circle marker on Dashboards & Visualizations. 05-05-2019 09:49 AM
- Posted Re: How to redirect to a URL when clicked on the circle marker on Dashboards & Visualizations. 05-05-2019 07:35 AM
- Posted Re: How to redirect to a URL when clicked on the circle marker on Dashboards & Visualizations. 05-03-2019 11:21 AM
- Posted Re: How to create multiple line charts in splunk? on Splunk Search. 05-03-2019 08:11 AM
- Posted Re: How to create multiple line charts in splunk? on Splunk Search. 05-03-2019 08:10 AM
- Posted Re: Line graph incorrectly shows a flat line on Splunk Search. 05-02-2019 08:05 PM
- Posted Re: How to create multiple line charts in splunk? on Splunk Search. 05-02-2019 08:03 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 |
05-22-2019
03:45 PM
Hey @niketn :
Answers below
1.When the drilldown URL is constructed what should it look like?
[Answer] URL is already in change_link, we just need to take that , am trying to pull that.
2.When you use chart command you drop raw data, what do you imply by url token that you are trying to set?
[Answer]I am trying to set a variable (url) based on what the user click and to extract the change_link value from raw data. Then use this variable in the link_target,all I need is depending on the datapoint the user click on I want to pull the URL from change_link,if there are simpler ways to achieve it I am open to that.
3.Instead of creating a link, can you print the $url$ token in Splunk dashboard? Also what is the URL in the browser when you see "Page not found"?
[Answer]Please elaborate ,like I said above all I need is depending on the datapoint the user click on I want to pull the URL from change_link value from raw data ,if there are simpler ways to achieve it I am open to that.
... View more
05-15-2019
11:13 AM
I tried as below but when I click on the circle marker I get Page not found! ,I need some guidance from here
<drilldown>
<set token="url">| eval url=spath(_raw, "Analyze.P5.$click.value${}.change_link")</set>
<link target="_blank">$url$</link>
</drilldown>
... View more
05-13-2019
12:02 PM
1 Karma
Hi
I insert the data in the following JSON format and create a linegraph over _time,each of the circle markers in the line graph represent the count field over _time ,what I am looking for is depending on the datapoint the user clicks on, I want to pull the URL from change_link.
How do I set a variable (url) based on what the user click on to extract the change_link and then use this variable in the link_target?
How do I pull the url from a nested json ?how to set a token based on what they clicked on and extract the change_link and then you use that token as your link_target?
Please advise
_raw = {
"Analyze":{
"P5":{"count":"","change_link":""}
},
"timestamp": int(time.time()) # Can also use datetime.datetime.now().isoformat()
}
Following is my code
CODE:
<dashboard>
<label>radar_trend_test_report</label>
<row>
<panel>
<chart>
<search>
<query>index=indexname sourcetype=sourcetype | chart values(Analyze.P5.count) as P5 over _time</query>
<earliest>@w0</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="refresh.display">progressbar</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
<drilldown>
</drilldown>
</chart>
</panel>
</row>
</dashboard>
... View more
05-05-2019
04:07 PM
@niketnilay - Do you have any inputs on how to set a token based on what the user clicked on using spath to extract the change_link.
... View more
05-05-2019
12:24 PM
@DEAD_BEEF - Sorry about not clear in the initial question, very new to this forum,trying to get hang of things,thanks for your guidance so far.
I insert the data in the following JSON format,each of the circle markers in the line graph represent the count field over _time for the respective series(names of series are Investiage,Screen,Review),you probably gave using the name series to determine the external URL just as an example but what I am looking for is determining the URL based on the count field and the URL is the corresponding change_link in the same JSON object?this is where I need your guidance
_raw = {
"Total_radar_count":"999",
"Analyze":{
"Screen":{"count":110,"change_link":"change://problem/90811162&82639896&88776863&83703933"},
"Investigate":{"count":069,"change_link":"change://problem/90811162&82639896&88776863&83703933"},
"Review":{"count":106,"change_link":"change://problem/90811162&82639896&88776863&83703933"}
},
"timestamp": int(time.time()) # Can also use datetime.datetime.now().isoformat()
}
... View more
05-05-2019
10:19 AM
Hey @niketnilay - I did mention in my original question that I did look @https://splunkbase.splunk.com/app/1603 , I couldn't find an example for my usecase,may be I missed it, do you mind pointing me the exact link you are talking about?
... View more
05-05-2019
09:55 AM
Hey @DEAD-BEEF:
The URL is different for each of the circle markers and should be fetched dynamically(its not a static link)
For example in my query below, for value "Analyze.Investigate.count" the corresponding link value is "Analyze.Investigate.link" and so forth
Analyze.Review.count --> Analyze.Review.link
Analyze.Screen.count --> Analyze.Review.link
QUERY:
index=wifiengg_cat2 sourcetype=radar_statistics_data6 | chart values(Analyze.Investigate.count) as Investigate values(Analyze.Review.count) as Review values(Analyze.Screen.count) as Screen over _time
How do I put the corresponding link for the corresponding circle marker?
... View more
05-05-2019
09:49 AM
Hey @DEAD_BEEF:
I need to click a different URL for each of the circle markers in the line graph, the URL's are stored in the same JSON and are fetched dynamically(they are not static)
My current query is as below, so, for example for the value "Analyze.Investigate.count"the URL is under "Analyze.Investigate.link"
Analyze.Review.count --> Analyze.Screen.link
Analyze.Screen.count --> Analyze.Screen.link
QUERY:
index=wifiengg_cat2 sourcetype=radar_statistics_data6 | chart values(Analyze.Investigate.count) as Investigate values(Analyze.Review.count) as Review values(Analyze.Screen.count) as Screen over _time
How do I fetch these links and add to the corresponding circle markers?
... View more
05-05-2019
07:35 AM
@DEAD_BEEF - Its an external url like "rdar://problem/123456", clicking on that will pop up a new window related to that URL
... View more
05-03-2019
11:21 AM
Forgot to add my code,following is my code
<dashboard>
<label>radar_trend_test_report</label>
<row>
<panel>
<chart>
<search>
<query>index=wifiengg_cat2 sourcetype=radar_statistics_data6 | chart values(Analyze.Investigate.count) as Investigate values(Analyze.Review.count) as Review values(Analyze.Screen.count) as Screen over _time</query>
<earliest>@w0</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.abbreviation">none</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.abbreviation">none</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.abbreviation">none</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">line</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">none</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.mode">standard</option>
<option name="charting.legend.placement">right</option>
<option name="charting.lineWidth">2</option>
<option name="trellis.enabled">0</option>
<option name="trellis.scales.shared">1</option>
<option name="trellis.size">medium</option>
</chart>
</panel>
</row>
</dashboard>
... View more
05-03-2019
08:11 AM
@richgalloway - accepted 🙂
... View more
05-03-2019
08:10 AM
@richgalloway - accepeted 🙂
... View more
05-02-2019
08:05 PM
But statistics is also right,look at the values for Analyze.Count,Analyze.Screen,Analyze.Investigate and Analyze.Review over _time ,they are not the same... Anyways I solved this myself
... View more
05-02-2019
08:03 PM
I was able to solve this using following query
index=<indexname> sourcetype=<sourcetype>| chart values(Analyze.Investiaget) as Investigate values(Analyze.Review) as Review values(Analyze.Screent) as Screen over _time
... View more
05-02-2019
06:20 PM
Hi
I have a line-chart as shown in below screenshot. By default, the drilldown action redirects to the search page ,is it possible to create custom action to redirect to another URL when clicked on the circle markers?
I have explored the simpleXML option using the examples @https://splunkbase.splunk.com/app/1603 ,I mainly found examples related to linking a dashboard, form, or external website in response but I couldn't find an example that handles my use-case?
How can I do this without using fancy web tool kits ?please advise
... View more
05-01-2019
04:53 PM
Hi
I have the following search query which shows the output as shown below,as you can see the issue is the linegraph is a flat one when the values are actually different,can anyone provide guidance what is wrong here and how to fix it?
| makeresults
| eval _raw="{
\"entry\" : [{
\"Analyze.Count\":\"100\",
\"Analyze.Screen\":\"100\",
\"Analyze.Investigate\":\"101\",
\"Analyze.Review\":\"103\",
\"_time\": 1556668713
}, {
\"Analyze.Count\":\"700\",
\"Analyze.Screen\":\"800\",
\"Analyze.Investigate\":\"801\",
\"Analyze.Review\":\"803\",
\"_time\": 1556683685
},{
\"Analyze.Count\":\"200\",
\"Analyze.Screen\":\"1000\",
\"Analyze.Investigate\":\"1001\",
\"Analyze.Review\":\"1003\",
\"_time\": 1556683885
},{
\"Analyze.Count\":\"50\",
\"Analyze.Screen\":\"800\",
\"Analyze.Investigate\":\"801\",
\"Analyze.Review\":\"803\",
\"_time\": 1556682885
}]
}"
| spath
| fields - _raw _time
| mvexpand entry{}._time
| rename entry{}.* as *
| timechart min(*) AS * max(*) AS *
CURRENT OUTPUT:-
... View more
04-30-2019
09:45 PM
Hi MuS:
Few questions
1.How to make sure the _time is picked up from the JSON field
timestamp?should I change the
timestamp name to _time ?please
advise
2. Code I posted is in python,as you can see its already in JSON,you
stated"The important thing for you is
to get the data correct on boarded
into Splunk as JSON" , are you
suggesting to do it any different?
3.I tried as below query as you mentioned everything until rename is
to create dummy data but it didn't
work probably because of #1 above,
please see link
https://imagizer.imageshack.com/img924/663/1Qt9LU.png
once we fix #1 is the below query the right one?
"index=indexname sourcetype=radar_statistics_data3 | timechart min(*) AS * max(*) AS *"
COMMENT UPDATE:
1. It sounds like our company splunk instance assigns timestamp values automatically by using information that it finds in the raw event data
2. I think it is already in JSON format
3.so what is missing in my query?
ANOTHER UPDATE:
I downloaded a local splunk instance and tried your code ,the line graph just shows only the latest element in the list,look at https://imagizer.imageshack.com/img923/1484/EksD5B.png and https://imagizer.imageshack.com/img921/7475/mdvETI.png
any idea what is wrong?
... View more
04-30-2019
07:03 PM
Hi
I have the following data in a dictionary and I would like to create a multi-series line chart with timestamp X-axis and count on Y-axis and a line chart for each of the keys in the dictionary,I can't seem to figure out how to do this in splunk?
1.Am I logging in the data in the right formart in splunk?Do I need to change it?
2.what sort of splunk query should I use to generate this line chart?
entry = {
"Analyze.Count":"700",
"Analyze.Screen":"700",
"Analyze.Investiage":"701",
"Analyze.Review":"703",
"timestamp": int(time.time()) # Can also use datetime.datetime.now().isoformat()
}
requests.post(url="https://endpoint?uat=1&sourcetype=radar_statistics_data2", json=entry)
EXPECTED OUTPUT:-
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
