Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About chiennylin
chiennylin
New Member
Member since:
11-06-2019
07-13-2021
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-06-2019 |
Activity Feed
- Posted Re: Single Value trellis wrap result and font color on Dashboards & Visualizations. 07-13-2021 05:46 PM
- Posted Re: Trellis to align automatically to the panel size on Dashboards & Visualizations. 07-12-2021 10:46 PM
- Posted Single Value trellis wrap result and font color on Dashboards & Visualizations. 07-12-2021 10:10 PM
- Posted Can Splunk send message to IBM Websphere MQ? on Deployment Architecture. 05-27-2021 08:56 PM
- Posted Re: How to subtract windows time stamps? on Getting Data In. 01-20-2020 04:27 PM
- Posted Re: subtraction using eval on Splunk Search. 01-20-2020 04:24 PM
- Posted Re: subtraction using eval on Splunk Search. 01-19-2020 07:00 PM
- Posted Re: How to subtract windows time stamps? on Getting Data In. 01-19-2020 06:59 PM
- Posted Re: Dealing with Multiple dynamic input such as country on Dashboards & Visualizations. 01-16-2020 01:08 AM
- Posted Dealing with Multiple dynamic input such as country on Dashboards & Visualizations. 01-15-2020 12:52 AM
- Tagged Dealing with Multiple dynamic input such as country on Dashboards & Visualizations. 01-15-2020 12:52 AM
- Tagged Dealing with Multiple dynamic input such as country on Dashboards & Visualizations. 01-15-2020 12:52 AM
- Tagged Dealing with Multiple dynamic input such as country on Dashboards & Visualizations. 01-15-2020 12:52 AM
- Tagged Dealing with Multiple dynamic input such as country on Dashboards & Visualizations. 01-15-2020 12:52 AM
- Posted Re: Checkbox horizontal Value alignment on Dashboards & Visualizations. 01-14-2020 10:55 PM
- Posted Re: Why are changes based on drop-down input in panels not updating in the following dashboard? on Dashboards & Visualizations. 01-14-2020 10:15 PM
- Posted Re: Why is division via EVAL is not working? on Splunk Search. 11-07-2019 08:29 AM
- Posted Why is division via EVAL is not working? on Splunk Search. 11-06-2019 09:29 AM
- Tagged Why is division via EVAL is not working? on Splunk Search. 11-06-2019 09:29 AM
- Tagged Why is division via EVAL is not working? on Splunk Search. 11-06-2019 09:29 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-13-2021
05:46 PM
Hi Kv. on tabular: Post-o.splexcbj-HAPQ 1484 (0min) Post-o.splexcbj-HUEVQ 32 (0min) HTML wise i didn't really change anything. i just added: #prg_spback .facets-container{ display: flex !important; justify-content: center !important; } #prg_spback div.viz-facet{ $tokWidth2$; } then its tie to: <progress> <condition match="$job.resultCount$==0"> <set token="tokWidth2">width: 0% !important;</set> </condition> <condition match="$job.resultCount$==1"> <set token="tokWidth2">width: 95% !important;</set> </condition> <condition match="$job.resultCount$==2"> <set token="tokWidth2">width: 45% !important;</set> </condition> <condition match="$job.resultCount$==3"> <set token="tokWidth2">width: 30% !important;</set> </condition> <condition match="$job.resultCount$==4"> <set token="tokWidth2">width: 22% !important;</set> </condition> <condition match="$job.resultCount$==5"> <set token="tokWidth2">width: 18% !important;</set> </condition> <condition match="$job.resultCount$==6"> <set token="tokWidth2">width: 10% !important;</set> </condition> <condition> <set token="tokWidth2"></set> </condition> </progress> but it doesn't fix the wrap issue when the result is huge
... View more
07-12-2021
10:46 PM
Hello. The solution is amazing but im wondering, how to make the trellis not to overlap if the result is huge?
... View more
05-27-2021
08:56 PM
Good day! I want to know if it's possible to use splunk as a recovery option? this means that Splunk will be sending messages to IBM MQ based on the queue set up. from what i know, MQ can be setup as the source of the message in splunk: MQ Queue --> Splunk i wanted to know if this is possible: Splunk --> MQ Queue? and how? like any idea?
... View more
Labels
- Labels:
-
universal forwarder
11-17-2020
03:23 PM
Ended up with the same challenge as listed here and none of the suggested replies on this article helped in any way. Here is my solution: <my search> | rex field=New_Time mode=sed "s/[^ -~]//g" | rex field=Previous_Time mode=sed "s/[^ -~]//g" | eval time_drift = (strptime(New_Time, "%Y-%m-%dT%H:%M:%S.%9QZ") - strptime(Previous_Time,"%Y-%m-%dT%H:%M:%S.%9QZ")) | table _time New_Time time_drift Problem: The field with the Windows timestamps includes non-printable character - I thinks it's a x80, but it doesn't really matter. I use the rex mode=sed to remove anything that is not in the printable range. [^ -~] matches all non-printable character, and mode=sed will just remove them from the string. After this replacement, the strptime() function works correctly.
... View more
01-16-2020
01:08 AM
Thanks! this works perfectly!
... View more
11-07-2019
08:29 AM
Thanks! this helps!
this is now working. will take note on the whitespace for my rex moving forward.
... View more
01-21-2020
02:40 AM
your starttime and endtime are both STRING because | convert ctime(_time) AS time
String cannot be calculated.
please convert both to UNIX epoch time.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-13-2021
09:07 PM
|
