Hello @fredkaiser , I have tried this css, changing the "=" sign to ":" in css file, hit CtrlF5 and still, no difference at all... I just found out that Splunk's last version has updated the example "single_decorations.css" to "custom_decorations.css". I'm still checkin' it out to see if this new release will work on my previous panel. But thanks in advance! ... View more

Yeap, still not working, restarted splunk server, and tried with !important as well.. ... View more

This is how my single looks like, letters are too big and the icon is at the wrong place since Splunk updated. I think the tag is correct, cuz I've changed it in execution time with Chrome... ... View more

It's already inside the dashboard tag reference css = single-decorations.css... I used this: .single-result { font-size:20px } Nothing changed, not even restarting splunk instance.. ... View more

Well, this person asked us to get a deviation of average status error / success, I'm not acctually sure if this is possible. He wants a red/yellow/green light indicator to show if the deviation is higher less then 30%, less then 50% or higher then 50% deviation ... View more

This pretty much solves the problem, just need to get the average of errors and success now... ... View more

My data is similar to this line: 05112015ZK00S09MAIN 05112015ZK00S14MAIN 05112015ZK00E65MAIN 05102015ZK00E22MAIN 05102015ZK00S01MAIN Where the "S" or "E" stands for Status. So I should get the average of events with Success, the average of Errors. They were both extracted positional regex as "Status" How can I get the average of'em ? ... View more

Did u have any in-app concern version-related over updates? ... View more

Haha lol I don't wanna regret upgrading the version, also cuz my project app was being developed in 6.1 and the server uses 6.3. Now my props conf has [EXTRACT] tags and also [REPORT] tags, kinda confusing, hope I don't loose previous regex fields, not sure if this update came to help when it comes to field extractions... ... View more

Thanks @jkat54 and @Runals! We've just upgraded Splunk's version, so we're kinda new to this new field extractor. Seems the older one was working faster and easier. But I guess that'll do it! ... View more

It worked for the first field, but when I go back to the field extractor, I get this message: " The extraction failed. If you are extracting multiple fields, try removing one or more fields. Start with extractions that are embedded within longer text strings. " ... View more

RegExr says: "http://www.regexr.com/v1/" " ." = " Matches any character, except for line breaks if dotall is false. " So, it should work passing the amount of positions inside {size} as a substring for example but in a regex, right? ... View more

Thanks @woodcock that's exactly what has happening. Now I just gotta figure out which one does Splunk edit as latest version to consider in directory. ... View more

I'm using cmd> spluck package app myApp Then, when I go to main server and upload .tgz or .tar, dashboards doesn't change at all... ... View more

Worked fine.... Thanks a lot @woodcock ! ... View more

This is an example of my data: ( it's a fixed position data ) 20151022TX04100089450096950042E0000008301 20151022ZX04100016720099920072E0000001304 20151022FX04100012340099970056E0000004504 20151020CAAB2584 0067970056E0000009804 20151018CAAD2260 0409750103W0000000211 20151021CHAC1941 0356750001W0000002209 20151021CHAB1941 0023390098W0000002209 As it's a fixed position, I matched the regex like this: "\d+(?P.{12})" And other cases, for example the letter wich stands for W=working E=error I used ".{30}(?P.{1})" I was able to extract these fields, but I'm unable to filter them, it only works with =* ... View more