Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About vikashperiwal
vikashperiwal
Path Finder
Member since:
02-28-2017
02-22-2021
Community Statistics
| Posts | 67 |
| Solutions | 1 |
| Karma Given | 10 |
| Karma Received | 0 |
| Member Since | 02-28-2017 |
Activity Feed
- Posted Attaching external document with the triggered Alert on Splunk Enterprise. 02-19-2021 09:49 PM
- Posted Re: splitting and sending the value from drill down to other dashboard on Splunk Search. 01-26-2021 12:32 AM
- Karma Re: splitting and sending the value from drill down to other dashboard for renjith_nair. 01-26-2021 12:24 AM
- Posted splitting and sending the value from drill down to other dashboard on Splunk Search. 01-22-2021 05:58 AM
- Posted Re: How to show only related fields when condition matches on Splunk Search. 01-17-2021 08:15 PM
- Tagged Re: How to show only related fields when condition matches on Splunk Search. 01-17-2021 08:15 PM
- Karma Re: Using all values from a drop down list in a search query when the field is filtered based on another field for niketnilay. 09-28-2020 06:59 AM
- Posted Re: trying to adjust the table cell width size without out scrolling to see all col values on Dashboards & Visualizations. 08-06-2020 05:12 PM
- Posted Re: trying to adjust the table cell width size without out scrolling to see all col values on Dashboards & Visualizations. 08-06-2020 06:27 AM
- Karma Re: What are the differences between append, appendpipe, and appendcols search commands? for somesoni2. 08-05-2020 01:23 AM
- Posted Re: How to disable mouse hover on bar chart in XML on Dashboards & Visualizations. 08-04-2020 03:37 AM
- Posted Re: how to avoid join on Splunk Search. 08-04-2020 02:27 AM
- Posted how to avoid join on Splunk Search. 08-04-2020 01:57 AM
- Posted Re: while using chart i see null value and that particular col is not visible in dashboard on Splunk Search. 07-31-2020 01:08 AM
- Posted trying to adjust the table cell width size without out scrolling to see all col values on Dashboards & Visualizations. 07-30-2020 11:33 PM
- Posted Re: Hide/reset drill down panel/fields on Splunk Search. 07-30-2020 03:54 AM
- Posted Hide/reset drill down panel/fields on Splunk Search. 07-30-2020 03:34 AM
- Posted while using chart i see null value and that particular col is not visible in dashboard on Splunk Search. 07-29-2020 09:33 AM
- Posted Re: using condition setting the status on Splunk Enterprise. 07-22-2020 07:05 PM
- Posted Using condition setting the status on Splunk Enterprise. 07-22-2020 09:23 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
02-19-2021
09:49 PM
Hi , I am trying to attach external document(1.5MB size) with the alerts getting triggered, so that user can refer to the document and take action. But not able to find any option to do so, please guide, if any one has tried such use case.
... View more
Labels
- Labels:
-
development
01-26-2021
12:32 AM
Thanks for this approach....although I had to do drilldown to another dashboard...but the split logic used in drilldown was the need for me...thanks a lot
... View more
01-22-2021
05:58 AM
HI , I am trying to send values from one panel to another dashboard using drill down , is it possible to split the value and then send.... I have field name "host: Running" , "service: Running" , "URL: Running" in main dashboard, these are generated fields, when i click on any field it should trigger drill down In my drilldown dashboard I have a dropdown and want only the "host" from main dashboard, Drill Down Dropdown service: Running Expected Dropdown service Basically want to split the value in main dashboard My drilldown form.token=$click.name2$
... View more
Labels
- Labels:
-
other
01-17-2021
08:15 PM
@gcusello , The solution works , but i am getting all the fields values concatenated under one field. Is it possible we have have each field as separate for example, extending the below use case Your_search
| eval display_fields=case(myField="xyz", id." - ".salary." - ".department, myField="abc", location." - ".address." - ".phone, myField="ddd",age." - ".ht." - ".gender)
| table _time myField display_fields I want in below format _time myField Id salary department time vaue xyz 1 1000000 cse time value xyz 2 2000000 IT
... View more
- Tags:
- eval
08-06-2020
05:12 PM
@richgalloway
... View more
08-06-2020
06:27 AM
I Tried some thing below but that did not help .. and use the "singleValuePanel" in search <row> <panel depends="$alwaysHideCSSPanel$"> <html> <style> #singleValuePanel th[data-sort-key="Run Id"]{ width: 40% !important; } </style> </html> </panel> </row>
... View more
08-04-2020
03:37 AM
@niketnilay ... how can we disable hover for a particular field in bar chart ? like for table fields used below html <row depends="$alwaysHideCSSPanel$"> <panel> <html> <style> #disablecursorapp table tbody tr td:nth-child(2){ cursor: default !important; } </style> </html> </panel> </row>
... View more
08-04-2020
02:27 AM
The below sol would not filter by event and 2 nd app/join both are taking lot of time to run, do we see any alternative of this,
... View more
08-04-2020
01:57 AM
Hi, I have scenario where index and sourcetype are same and i am tryng below conditions. chart dc(run) OVER app by event---- this will give me dc of run for each app for each event stats dc(run) as run by app-- this will give me dc of run by app........ i used join to get this done ike below, but this is taking lot time to run query, base search... |chart dc(run) OVER app by event | join app [search source =mysource | stats dc(run) as run by app ] |eval new_val = run - event1- event2 | fields app event1 event2 new_val new run
... View more
Labels
- Labels:
-
join
07-31-2020
01:08 AM
could get ths done by adding fillnull value = 0 field1 field 2. at the end of query
... View more
07-30-2020
11:33 PM
Hi I am trying to adjust the table col width size , currently for few values of the cell , it takes long width and i have to scroll to check all values. Col1 col2 col3 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 20 40 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 45 20
... View more
Labels
- Labels:
-
table
07-30-2020
03:54 AM
I could get the desired output, i have set the drilldown panle token to both the value of radio button, which magicaly worked.
... View more
07-30-2020
03:34 AM
Hi, I have my dashboard with two views --radio button View A View B View A has 2 panels and view B also has 2 panel and i have enabled drill down(Same drill down panel- Summary used by both views) Case: When ever i am clicking on the values of panel - this are passed as token to dropdown in Summay Drilldown panel and i can see data in drill down panel. Issue: when i am switching from View A to View B, i see summary dill down panel with previous values filled in drop dropdown.. I want, when ever i switch from View A to View B, the summary drilldown should not appear by default and same viceversa. I tried including the token in the drill down panel and same unseting in the radiobutton , but no luck
... View more
07-29-2020
09:33 AM
HI,
While use chart command i am getting null values for status in search and the same in dashboard i do not see in the panel. I am trying to get distinct count of run_id for each values(col1,col2,col,3...)
This i am seng in the search head.
Name
col1
col2
col3
col4
abc123
21
40
xyz789
35
50
In Dashboard, panel shows below table missing with col3 ans col4
ID
col1
col2
abc123
21
40
xyz789
35
50
Search Query:
index=xyz sourcetype=abc event_name=test earliest=@d | fields - _raw | eval TIME=strftime(strptime(timestamp,"%Y.%m.%d"),"%F") | fields app_name event_name TIME values Id | search name=* values="col1" OR values="col2" OR values="col3" OR values="col4" | chart dc(run_Id) OVER name by values | fields "APP NAME" col1 col2 col3 col4
And also i want to add one new column:
some thing count(Id) as ID_Count by time
I tried usenull, useother, fillnull, none worked.
... View more
Labels
- Labels:
-
chart
07-22-2020
07:05 PM
Thanks for the response.. Here the the ID is dynamic , i may have 100 of ID"s and each id is associated with some values and each value has a status called value status. If my value status is failed i need to make my overall status f field for all the values present is that I'd... I was thnking of some thing below |eval Ov_status= if(value_status=="failed" OR value_status=="Inprogress" or value_status=="completed", "failed",Ov_status).. But above condition is making all my Ov_status to failed irrespective of checking ID I want to filter by ID
... View more
07-22-2020
09:23 AM
Hi,
I am trying to achive a logic for below scenario , but getting conflict ..
Table
id
start_time
end_time
Ov_status
value
value_status
xyz.123
2020-07-22
Inprogress
myvalue
Failed
xyz.123
2020-07-22
2020-07-22
completed
yourval
Completed
abc.321
2020-07-22
Inprogress
isval
Inprogress
Here i have used below case statement to get Ov_status
| eval Ov_status=case(isnotnull(start_time) AND isnull(end_time ),"Inprogress",isnotnull(start_time) AND isnotnull(end_time ),"completed")
Now i want if value_status is failed for any value of id(xyz.123) the Ov_status should reset to failed
... View more
Labels
- Labels:
-
configuration
-
development
07-19-2020
08:17 AM
This is exactly what i was looking for..... Thank you very much .. @niketnilay
... View more
07-19-2020
05:57 AM
HI, I am triying to use value from the below log in drop down and then filter based on this value in panel. how can i extract this , please guide Drop Down: Field_ID umt_nic_rbg_config.json mrd.json rbg_config.json nic_rbg_config.json /apps/dat/smrdau/xyz/mrd/temp/umt_nic_rbg_config.json_bu1595098800 /apps/dat/amrdau/xyz/mrd/temp/mrd.json_date=202 /apps/dat/amrdu/xyz/mrdap-ingestion/temp/rbg_config.json_business /apps/dat/amrdau/xyz/mrdap/temp/nic_rbg_config.json_bdate=2020
... View more
Labels
- Labels:
-
single value
07-15-2020
01:55 AM
Splunk v7.2 Strange thing is till yest it was wroking fine , and i did not do any change, by dont know why this stopped working. Bascially I have passed my dropdown token here i.e tok_time and from the table when i am sedning the date to the dropdown its vaue gets updated with the clicked field cell.. but i am not able to get the value in dropdown when using round <eval token="form.tok_time">round($click.value$,0)</eval>
... View more
- Tags:
- drilldown
07-14-2020
09:31 PM
Hi , I am trying to pass the value from one panel to drop down using drill down, issue i am getting is when using round function with eval. <drilldown> <set token="form.tok_status">$click.name2$</set> <eval token="form.tok_time">round($click.value$,0)</eval> // when passing the token directly i am abe to get the value , but when using round its not working </drilldown>
... View more
Labels
- Labels:
-
drilldown
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-22-2021
03:05 AM
|
Karma given to
