I tried that search and it still isn't giving me any results. But here's a sample of what the event I'm trying to filter looks like (I've removed irrelevant fields and changed names to protect the innocent):
sourcetype MSAD:NT6:DNS
context PACKET
dest SERVER
direction Rcv
eventtype nt6-dns-events(dns network resolution)
flags D
hexflags 0001
message a host address
message_type Query
message_type_code A
opcode Q
packetid 000000DFFFFFF
query www.microsoft.com
query_type Query
record_type A
reply_code NOERROR
reply_code_description No Error
reply_code_id 0
src 1.2.3.4
src_ip 1.2.3.4
tag dns, network resolution
threadid 0FFF
transport UDP
_time 2006-01-1T00:00:00.000+00:00
index dns
linecount 1
So that query field is what I'm trying to match against.
I would add that, instead of using:
| fields *
it is better to extract only the fields you need later on in all the other dashboard panels. This will improve the performance of the entire dashboard. Here is an example:
| fields field1, field2, field3 etc..
Hi lianlim,
You don't need to change or set the sourcetype nor the index name for the input just use the defaults.
Regarding the port; this will be a new port where you can access the dashboard - so you need to configure a free TCP port that will be accessible from your Squarespace hosted website. Once all the security concerns such a setup brings along are cleared and approved, you can access the dashboard like this:
<iframe src="https://<splunk_server_name>:<TheTCPPortYouConfigured>" seamless frameborder="no" scrolling="no" width="1200" height="2500" ></iframe>
cheers, MuS