Activity Feed
- Karma Re: Replace Null values in xyseries chart for somesoni2. 06-05-2020 12:47 AM
- Got Karma for Using the Year/Annual Timewrap. 06-05-2020 12:47 AM
- Got Karma for Re: How to format timechart or stats visualization of failed login account names by time?. 06-05-2020 12:47 AM
- Got Karma for Re: How to extract MAC address from log file?. 06-05-2020 12:47 AM
- Posted Re: How to extract MAC address from log file? on All Apps and Add-ons. 08-08-2014 11:49 AM
- Posted Re: How to format timechart or stats visualization of failed login account names by time? on Splunk Search. 07-22-2014 11:40 AM
- Posted Re: Using the Year/Annual Timewrap on All Apps and Add-ons. 07-22-2014 07:35 AM
- Posted Using the Year/Annual Timewrap on All Apps and Add-ons. 07-21-2014 06:22 AM
- Tagged Using the Year/Annual Timewrap on All Apps and Add-ons. 07-21-2014 06:22 AM
Topics I've Started
08-08-2014 11:49 AM
1 Karma
Have you verified that it's extracting events properly now? Use the IFX tool, which you get to by clicking the Extract Fields menu option on an event in search.
07-22-2014 11:40 AM
1 Karma
If you're trying to do a line chart, you can edit the graph so the days with no values will show as 0. [Click on the Paintbrush menu and then the middle option by Null Values on the General tab.]
This will keep the line for each Account Name from having breaks in it, so your graph will show as a bunch of flat lines with occasional spikes when you have failed logins.
Also, if you're not actually wanting the graph split by user, you can always do "timechart count by EventCode" (or any other field that will only have one value) to get the total lockouts by time.
Is that what you were asking? Let me know if I misunderstood.
07-22-2014 07:35 AM
Updated the app and restarted Splunk, but still getting the same error. Thoughts on what's causing the different results for each of us?
07-21-2014 06:22 AM
2 Karma
I've been trying to get a year-over-year graph using timewrap, but I can't seem to get it working. My queries are in the form:
[search terms] | timechart count by someField | timewrap y
I get the following error:
External search command 'timewrap' returned error code -1. Script output = "ERROR " 'timeunit' argument required, such as s (seconds), h (hours), d (days), w (weeks), y (years). Optionally prefix with a number: 600s (10 minutes), 2w (2 weeks)." "
I've tried using timewrap y and 1y but neither worked. Using months or weeks worked fine though, including "timewrap 12m" which makes me wonder if it's just an issue with the year option.
The app is updated, and for my time range I've tried "All time" and the last 4 years. The search is generating results fine (somewhere around 2,000 for the most part), so it shouldn't be overwhelmed with too many events.
Think this is an issue on my end or have other problems using this option been documented before?