Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About Sundried
Sundried
Explorer
Member since:
07-22-2020
12-11-2022
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 1 |
| Member Since | 07-22-2020 |
Activity Feed
- Posted Re: Is it possible to send a dashboard with its xml formatting? on Dashboards & Visualizations. 12-11-2022 04:16 PM
- Posted Is it possible to send a dashboard with its xml formatting? on Dashboards & Visualizations. 11-30-2022 06:19 PM
- Posted Re: Is there a way to filter by source in a post process search? on Dashboards & Visualizations. 10-23-2022 10:12 PM
- Posted Re: Is there a way to filter by source in a post process search? on Dashboards & Visualizations. 10-21-2022 10:47 PM
- Posted Re: Is there a way to filter by source in a post process search? on Dashboards & Visualizations. 10-20-2022 08:31 PM
- Posted Is there a way to filter by source in a post process search? on Dashboards & Visualizations. 10-20-2022 07:33 PM
- Got Karma for How to get current GMT time?. 07-08-2021 06:42 AM
- Karma Re: How to convert this time format with strptime()? for isoutamo. 09-28-2020 10:54 PM
- Karma Re: How to convert this time format with strptime()? for bowesmana. 09-28-2020 10:53 PM
- Posted How to convert this time format with strptime()? on Splunk Search. 09-28-2020 07:58 PM
- Tagged How to convert this time format with strptime()? on Splunk Search. 09-28-2020 07:58 PM
- Posted Re: How to get current GMT time? on Splunk Search. 07-23-2020 05:07 PM
- Posted Re: How to get current GMT time? on Splunk Search. 07-23-2020 03:58 PM
- Posted How to get current GMT time? on Splunk Search. 07-22-2020 10:10 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 1 |
12-11-2022
04:16 PM
Does this feature exist?
... View more
11-30-2022
06:19 PM
Hi, I recently created a nicely formatted dashboard which has its tables colour coded according to search results. However, any exports I try result in none of the formatting being exported - just plain white tables without any colour or formatting done which I do require in some way for presentation. Is there a way to keep that xml in the export?
... View more
10-23-2022
10:12 PM
This worked. Thanks mate. Didn't know source was treated that way.
... View more
10-21-2022
10:47 PM
Base: index=logs source=A OR source=sourceB | fields fileName Panel 1: search source=sourceA | table fileName Panel 2: search source=sourceB | table fileName
... View more
10-20-2022
08:31 PM
So field A is a common field, which are names of files. The way they have been onboarded is that they are separated by a source name, so source A field A will be a set of files that are evaluated under one panel. Then source B field A are a set of files too, but to be evaluated under another panel with different parameters/output. I've tried to put the sources in the base search and then calling the sources again in their respective panels but nothing loads too.
... View more
10-20-2022
07:33 PM
Hi, I have a base search and post process searches on a dashboard that need to be split by source, but it doesn't appear like splitting by source works. The only thing shared is the index, and some fields but depending on the source I need to evaluate the fields differently. For instance: Base search: index=test_logs | fields A Two post process searches: | search source=sourceA . (evaluate field A certain way because it's from source A) | search source=sourceB . (evaluate field A a different way as it's from source B) The problem is that when I do this nothing will load. I've found the only way to get this to work is to put the source in the base search but then I wouldn't be able to do my evaluations properly.
... View more
Labels
- Labels:
-
panel
09-28-2020
07:58 PM
I haven't found something for this time format in the docs: Mon Sep 28 00:00:00 GMT 2020 How can I convert this with strptime()? How do I make sure the "GMT" part of the string isn't interfering?
... View more
- Tags:
- eval
Labels
- Labels:
-
eval
07-23-2020
03:58 PM
@niketn This doesn't seem to get the current GMT time. At least not for me. I had to change the "+0000" to "+2000". In this case, won't it still fail after daylight savings?
... View more
07-22-2020
10:10 PM
1 Karma
I have a search: search | eval difference=now() - strptime(createdDate,"%Y-%m-%d %H:%M:%S.%3N") This works, except the createdDate field from my results are in GMT+0, whilst I'm in GMT+10 so there's 10 hours added to every result. I was going to just do a -36000 bandaid fix but after daylight savings this would break. How can I get current GMT time?
... View more
Labels
- Labels:
-
eval
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-11-2022
07:37 PM
|
