Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About danielgp89
danielgp89
Path Finder
Member since:
01-27-2017
10-06-2020
Community Statistics
| Posts | 40 |
| Solutions | 0 |
| Karma Given | 4 |
| Karma Received | 2 |
| Member Since | 01-27-2017 |
Activity Feed
- Posted Re: I can't Overlay an Image Like Splunk Dashboard Sample on Dashboards & Visualizations. 10-06-2020 02:00 PM
- Posted I can't Overlay an Image Like Splunk Dashboard Sample on Dashboards & Visualizations. 09-28-2020 01:41 PM
- Got Karma for Re: How Can I change from descendant to ascendant in timechart visualization in the Y-axis. 06-05-2020 12:50 AM
- Got Karma for Why does my Splunk is not indexing all the files that pass thru inputs.conf?. 06-05-2020 12:50 AM
- Karma Re: Splunk 7.0.0 on Mac failing to run for mattymo. 06-05-2020 12:49 AM
- Karma Re: How can I skip the first two "\n" letters from my fields? for oawelewa. 06-05-2020 12:49 AM
- Karma Re: How can I skip the first two "\n" letters from my fields? for MuS. 06-05-2020 12:49 AM
- Karma Re: How to create a Dinamic Field with a String for somesoni2. 06-05-2020 12:48 AM
- Posted Re: Why does my Splunk is not indexing all the files that pass thru inputs.conf? on Getting Data In. 11-04-2019 04:35 PM
- Posted Can Splunk connect to Polyhedra DBMS? on All Apps and Add-ons. 09-24-2019 01:29 PM
- Tagged Can Splunk connect to Polyhedra DBMS? on All Apps and Add-ons. 09-24-2019 01:29 PM
- Posted Re: Why does my Splunk is not indexing all the files that pass thru inputs.conf? on Getting Data In. 09-23-2019 04:56 PM
- Posted Re: Why does my Splunk is not indexing all the files that pass thru inputs.conf? on Getting Data In. 09-12-2019 11:40 AM
- Posted Why does my Splunk is not indexing all the files that pass thru inputs.conf? on Getting Data In. 09-11-2019 03:24 PM
- Tagged Why does my Splunk is not indexing all the files that pass thru inputs.conf? on Getting Data In. 09-11-2019 03:24 PM
- Tagged Why does my Splunk is not indexing all the files that pass thru inputs.conf? on Getting Data In. 09-11-2019 03:24 PM
- Posted Re: How Can I change from descendant to ascendant in timechart visualization in the Y-axis on Splunk Search. 02-07-2019 02:03 PM
- Posted Re: How Can I change from descendant to ascendant in timechart visualization in the Y-axis on Splunk Search. 02-06-2019 08:11 AM
- Posted Re: How Can I change from descendant to ascendant in timechart visualization in the Y-axis on Splunk Search. 02-05-2019 07:32 PM
- Posted Re: How Can I change from descendant to ascendant in timechart visualization in the Y-axis on Splunk Search. 02-05-2019 06:52 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 1 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
10-06-2020
08:22 PM
@danielgp89 as suggested even browser history needs to be cleaned up. If you are in your dev instance you can remove caching features for faster static file changes (not for production environments). Refer to Splunk Documentation for web.conf config: https://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/CustomVizTutorial Do accept/up vote the answer if it helped!
... View more
09-24-2019
01:29 PM
Polyhedra is a family of relational database management systems offered by ENEA AB, a Swedish company.
You can access this DB via an ODBC driver by Microsoft, but the idea that we have is to sent to splunk the data that is allocate it in this DB.
Does anyone knows how can I extract the data of this DataBase?
Regards!
... View more
11-04-2019
07:10 PM
It probably is not stopping ; it is probably getting bogged down because you have too many files co-resident with the files being monitored. If there are hundreds of files, things get slow, if there are thousands of files, forwarding breaks down completely. It has nothing to do with whether the files are being monitored or not; the mere presence of the files creates trouble. Perform proper OS-level housekeeping to move the old files someplace else (or delete them).
... View more
02-07-2019
02:03 PM
1 Karma
@niketnilay Thanks so much for your time and response!
That was exactly what I was looking for.
Best Regards!!
... View more
01-31-2019
08:10 PM
Hi @danielgp89
Please check the suggestion given by @niketnilay here
https://answers.splunk.com/answers/661288/time-on-y-axis-and-date-on-x-axis.html
... View more
01-20-2019
06:04 PM
Thanks so much Renjith!
Your going to heaven!
... View more
12-04-2018
09:28 AM
Hello!
I'm trying to make a drilldown in the same dashboard with the famous Table Row Expansion. Basing myself in the Splunk Dashboard Example App, I see an example but that one doesn't work for me, because that search only goes for a field that calls "sourcetype" and could works with all the raws because they use the same fields.
But in my case each raw has different searches with different fields, let me do an Example:
This is my Table:
The thing that I'm looking for is when I clic the ALTUSER table raw this one expands down another table with this values:
index=mf MFSOURCETYPE=SMF080 SYSNAME=$field2$ RACF_Command=$RACF1$ |stats count by ALTUSER_Keyword_Specified ALTUSER_User_ID SMF80USR SMF80GRP USER_NAME_FROM_ACEE |rename "ALTUSER_Keyword_Specified" as "Actividad" ALTUSER_User_ID as "Usuario Afectado" SMF80USR as "Usuario Responsable" SMF80GRP as "Grupo" USER_NAME_FROM_ACEE as "Nombre" count as "Total De Eventos" |sort -count
And When I clic the CONNECT table Raw this one expands down another table with this values
index=mf MFSOURCETYPE=SMF080 SYSNAME=$field2$ RACF_Command=$RACF1$ |stats count by CONNECT_Keyword_specified CONNECT_Group_name_(GROUP_keyword) CONNECT_User_ID SMF80USR USER_NAME_FROM_ACEE USER_TOKEN_GROUP |rename CONNECT_Keyword_specified as "CONNECT TYPE" CONNECT_Group_name_(GROUP_keyword) as "A GRUPO CONECTADO" CONNECT_User_ID as "USER CONECTADO" SMF80USR as "USER RESPONSABLE" USER_NAME_FROM_ACEE as "NOMBRE DE USUARIO" USER_TOKEN_GROUP AS "GRUPO DE USUARIO" count as "TOTAL DE EVENTOS" |sort -"TOTAL DE EVENTOS"
As You can see the fields are different so I can't have the same table working for each raw with the token drilldown option.
I tried to use the token option with the set:
But when I clic some of the values in the raw it appears all the tables! So that doesn't work either.
So in the case it can't work with the table raw expansion, How Can I do when I clic ALTER raw, it appear a new table in another panel with the ALTER values, and when I clic CONNECT raw, the ALTER panel disappear and appear another one with the CONNECT values.
Hope You can Help me!
BEST Regards!!!
... View more
- Tags:
- splunk-enterprise
06-26-2017
02:04 PM
Thanks so much! the first option works fine for me!
Thanks a lot somesoni2
Best Regards!
... View more
05-09-2017
02:19 PM
Hi danielgp89!
When we say "my search for...", that means that you get to optimize whatever search you are doing in that part and it won't affect the code sample.
In this case, use the earliest command, so the search is not running across all time. You know your data, so if those sources are supposed to be sending every twenty minutes, use earliest=-1h . If they are sending every second, use earliest=-3s .
Also, just as a general tip, always specify the index that you want splunk to look at, so the system doesn't spend any time looking for your data where it isn't.
earliest=-10m index=foo source=bar1 OR source=bar2 ...my other search terms... | dedup source | table _time source
... View more
04-18-2017
03:12 PM
Hello Iguinn!
I haven't download it!
Thanks for the tip. I will dive in to it.
... View more
04-18-2017
03:14 PM
Thanks for the help woodcock!
... View more
01-30-2017
11:53 AM
Thanks skoelpin
This Solve my problem.
Best Regards!
... View more
11-20-2018
12:20 AM
How can I drilldown from a word cloud chart and pass the clicked value to the new dashbard? Thanks.
... View more
