Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About philallen1
philallen1
Path Finder
Member since:
09-10-2013
06-05-2020
Community Statistics
| Posts | 39 |
| Solutions | 1 |
| Karma Given | 22 |
| Karma Received | 14 |
| Member Since | 09-10-2013 |
Activity Feed
- Got Karma for Re: Automatically Refresh Dashboard. 11-23-2021 03:41 PM
- Karma Re: How do I sum 2 field extractions if only one field extraction exists per log? for wpreston. 06-05-2020 12:47 AM
- Karma Re: why isn't JSChart / radialGauge drilldown working for sideview. 06-05-2020 12:46 AM
- Karma Re: How can you restrict a timechart to display only weekdays? for somesoni2. 06-05-2020 12:46 AM
- Karma Re: How can you restrict a timechart to display only weekdays? for gfuente. 06-05-2020 12:46 AM
- Karma Re: Remove chart axis labels for Simon_Fishel. 06-05-2020 12:46 AM
- Karma Re: Ignore some duplicate events for sdaniels. 06-05-2020 12:46 AM
- Karma Re: Creating a simple chart from extracting specific string for _d_. 06-05-2020 12:46 AM
- Karma Sideview Utils passing Pulldown value to SavedSearch for Parameshwara. 06-05-2020 12:46 AM
- Karma Re: Plotting instances of logs onto chart for alacercogitatus. 06-05-2020 12:46 AM
- Karma Re: How can you restrict a timechart to display only weekdays? for martin_mueller. 06-05-2020 12:46 AM
- Karma why isn't JSChart / radialGauge drilldown working for kingsizebk. 06-05-2020 12:46 AM
- Karma Re: ignoring extracted value for araitz. 06-05-2020 12:46 AM
- Karma ignoring extracted value for sumitnagal. 06-05-2020 12:46 AM
- Karma Re: Chart only plots 500 results for lguinn2. 06-05-2020 12:46 AM
- Karma Re: Chart only plots 500 results for nekb1958. 06-05-2020 12:46 AM
- Karma Re: Automatically Refresh Dashboard for jonuwz. 06-05-2020 12:46 AM
- Karma Re: Rename results doesn't work for lukejadamec. 06-05-2020 12:46 AM
- Karma Re: streamstats multiple moving averages for jonuwz. 06-05-2020 12:46 AM
- Karma Re: Sum max(count) from multiple hosts for somesoni2. 06-05-2020 12:46 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 |
11-23-2021
06:23 PM
Use refresh attribute in form tag, and attribute value is in seconds. <form refresh="15"> Dashboard will auto refresh in 15 seconds.
... View more
12-05-2014
05:38 AM
You're very welcome, glad it worked for you!
... View more
01-19-2020
02:32 PM
Try this (I may be taking you too literally, but the pieces that you need are here):
(?J)(?:^|[\r\n])\|(?:(?<MyField>a)\|b\|)|(?:c\|(?<MyField>b)\|)
https://regex101.com/r/5Peq78/1
... View more
12-03-2013
09:13 AM
This works. Thanks a lot. The timepicker on my dashboard still works too - although, obviously, won't display the chart very well on any time range less than a day.
... View more
11-27-2013
06:38 AM
That works Martin. Thanks a lot guys.
... View more
11-27-2013
03:29 AM
OK I figured this out. The reason why the timepicker date was being persisted was because of the following xml in the top of my code:
isPersistable="true"
I took this out and hey presto, it always reverted to default.
... View more
08-26-2017
06:45 AM
Hello everyone
let me kindly ask you what happens now that this parameter is deprecated (at least on last version 6.3.3)?
Could not find anything to replace it - while it raises a Warning into the XML editor
best regards
Altin
... View more
10-17-2013
05:37 AM
Yeah, I agree with you. The more I think about it the more difficult it gets (i.e. with multiple users accessing the page at the same time)
... View more
10-16-2013
03:09 AM
Yes, that's exactly right. It's the count of events.
... View more
03-22-2016
12:21 AM
Hi Can we add a dynamic result to a header ?
... View more
09-17-2013
07:43 AM
1 Karma
Rename is for field names and you want to update field values, so that is not applicable for your case. You can use eval-replace if you know what are the possible strings you want to remove. Your example (changing "EXEC [usp_GetClientListHierarchyNode]" to "EXEC GetClientListHierarchy") can be achieve by following:-
sourcetype="ContributionWebApi" DbQuery=* | eval DbQuery=replace(DbQuery,"\[","") | eval DbQuery=replace(DbQuery,"\]","")| chart count by DbQuery
forward slash is escape character for brackets.
you can add more eval-replace part for all your customizations.
... View more
09-11-2013
06:56 AM
2 Karma
Do you want the moving average of the last X queries by type ? Or the moving average of each query by time ?
If you take the average time for each query every minute, you'll end up with some minutes with 0. If you take the moving average over time, thats going to artificially lower your measurements.
If you take the moving average of the last X queries by type, then the average at 6am might take into account queries that occured hours ago.
Statistically - what are you trying to achieve ?
Here's an example using the average time per query per minute as the starting point :
This : bin _time span=1m chunks the data to the nearest minute.
This : streamstats window=5 global=f avg(avg) as rolling by root takes the average (of the averages) for the last 5 minutes by the 'query' ( in this case root ).
index=_internal sourcetype=*_access
| bin _time span=1m
| stats avg(spent) as avg by root,_time
| streamstats window=5 global=f avg(avg) as rolling by root
Now if you dont care about timechart re-averaging your values you can simply do :
| timechart avg(avg) as avg avg(rolling) as rolling by root
If you do care about timechart re-averaging your values :
| eval s="avg rolling"
| makemv s
| mvexpand s
| eval yval=case(s=="avg",avg,s=="rolling",rolling)
| eval s=root.": ".s
| xyseries _time, s, yval
| makecontinuous _time
You'll get far more meaningful readings by using something other than avg though. median or perc95
... View more
