Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About aditsss
aditsss
Builder
Member since:
08-16-2020
Friday
Community Statistics
| Posts | 364 |
| Solutions | 0 |
| Karma Given | 89 |
| Karma Received | 7 |
| Member Since | 08-16-2020 |
Activity Feed
- Posted Re: How to Display a custom Message instead of "No results found" when there is no data for all panels on Dashboards & Visualizations. Friday
- Posted Re: How to Display a custom Message instead of "No results found" when there is no data for all panels on Dashboards & Visualizations. Friday
- Posted How to Display a custom Message instead of "No results found" when there is no data for all panels on Dashboards & Visualizations. Friday
- Posted Re: How to get two different field names on Dashboards & Visualizations. Friday
- Karma Re: How to not send the Empty Reports from splunk for gcusello. Friday
- Posted How to not send the Empty Reports from splunk on Dashboards & Visualizations. Wednesday
- Posted How to show the Data from last good date from when data is available on Dashboards & Visualizations. Tuesday
- Karma Re: How to get two different field names for ITWhisperer. a week ago
- Posted How to get two different field names on Dashboards & Visualizations. a week ago
- Karma Re: How to combine multiple rows into single row for ITWhisperer. a week ago
- Posted Re: How to combine multiple rows into single row on Dashboards & Visualizations. a week ago
- Posted Re: How to combine multiple rows into single row on Dashboards & Visualizations. a week ago
- Posted Re: How to combine multiple rows into single row on Dashboards & Visualizations. a week ago
- Posted Re: How to combine multiple rows into single row on Dashboards & Visualizations. a week ago
- Posted How to combine multiple rows into single row on Dashboards & Visualizations. a week ago
- Karma Re: How to add multiple rows while creating Incident through splunk for manjunathmeti. a week ago
- Karma Re: How to not show particular Error message in a splunk alert for rnowitzki. 2 weeks ago
- Karma Re: How to not show particular Error message in a splunk alert for ITWhisperer. 2 weeks ago
- Posted Re: How to add multiple rows while creating Incident through splunk on Dashboards & Visualizations. 2 weeks ago
- Posted Is that possible that multiple rows can come in one Incident from splunk on Dashboards & Visualizations. 2 weeks ago
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
Friday
@gcusello I have done something like this: <row> <panel> <chart rejects="$show_html$"> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> <progress> <condition match="$job.resultCount$ == 0"> <set token="show_html">true</set> </condition> <condition> <unset token="show_html"/> </condition> </progress> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Count</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.maximumNumber">999999</option> <option name="charting.axisY.minimumNumber">0</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">column</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">all</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.placement">top</option> <option name="height">400</option> <option name="refresh.display">progressbar</option> </chart> <html depends="$show_html$"> <div style="font-weight:bold;font-size:150%;text-align:center;color:red"> If you considered it as Error. Please Contact O2 Monitoring team. </div> </html> </panel> But from this its showing only at the top . But I want in each and every panel. How can I achieve this
... View more
Friday
@gcusello Below is my dashboard query. Can you guide me how I can achieve this here. <form theme="dark"> <label>Salesforce User Licenses Dashboard Clone39</label> <row> <panel> <chart> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Count</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.maximumNumber">999999</option> <option name="charting.axisY.minimumNumber">0</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">column</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">all</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.placement">top</option> <option name="height">400</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> <row> <panel> <table> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |stats sum(TotalLicenses) as "Total-Licenses" sum(UsedLicenses) as "Used Licenses" sum(UnusedLicenses) as "Unused Licenses" by LicenseName OrgName SalesforceOrgId | sort -Total-Licenses</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="count">30</option> <option name="dataOverlayMode">none</option> <option name="drilldown">row</option> <option name="rowNumbers">false</option> <option name="wrap">false</option> <fields>["LicenseName","OrgName","SalesforceOrgId","Total-Licenses","Used Licenses","Unused Licenses"]</fields> </table> </panel> </row> </form> I have 5 panels. How can I do this. I have posted for two panels. Can you guide me how to achieve this. Thanks in advance.
... View more
Friday
Hi Everyone, I have one requirement. I want when there is No DATA in the dashboard currently its showing like "NO RESULTS FOUND" for all the dashboards. I want to show some custom messages like "Contact to Team" How can I show that. Can someone guide me.
... View more
Labels
- Labels:
-
chart
-
panel
-
simple XML
Wednesday
Hi Everyone, Is there any way to not send the reports when there is no data in it. I know this option is available in alerts. But is there any option for Reports. Please let me know. Thanks in advance
... View more
Labels
- Labels:
-
chart
-
simple XML
-
timechart
Tuesday
Hi Everyone, I have one requirement. I have multiple dashboards and data is not coming from last 60 days. So I have remove DATE/Time range drop down. what I want is suppose for one of the Dashboard the data is last available is on 26th Feb. So it should display data of 26th Feb. How can I pass Date parameter so that it can display the latest last data available Below is my query for one panel <row> <panel> <chart> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Count</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.maximumNumber">999999</option> <option name="charting.axisY.minimumNumber">0</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">column</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">all</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.placement">top</option> <option name="height">400</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> I will remove the earliest and latest as I have remove the Date/Time dropdown Can anyone guide me on this.
... View more
a week ago
Hi Everyone, I am using below query: index=abc ns=blazegateway|stats count by app_name|eval f1="hg" I am getting result as : app_name count f1 abc 1 hg bcd 2 hg My requirement is for my column f1 I am getting hg in both rows I want some other name in 2nd row What changes I should do in my query
... View more
Labels
- Labels:
-
chart
-
panel
-
simple XML
a week ago
@ITWhisperer This is fine But the problem I am facing is For below query: APP_NAME ExceptionMessage Count Env aon1 nullpointer 1 E1 buy2 IllegalArgument 162 E1 when I am combining this with | stats values(*) as * in my search query its combining like below: APP_NAME ExceptionMessage Count Env aon1 nullpointer 162 E1 buy2 IllegalArgument 1 E1 The counts are not coming proper 162 count is for IllegalArgument not for null pointer
... View more
a week ago
@ITWhisperer I want like in this way: APP_NAME ExceptionMessage Count Env aon1 nullpointer 1 E1 buy2 IllegalArgument 23 E1 ............................ Then both APP_NAME aon1 and buy2 should be in one row similar way ExceptionMessage nullpointer and IllegalArgument both should be in same row similar for count both 1 and 23 should be in same row And same for Environment. Is this correct: index=abc ns=ab ("NullPointerException" OR "IllegalStateException" OR "IllegalArgumentException" OR "RuntimeException" OR "NumberFormatException" OR "NoSuchMethodException" OR "ClassCastException" OR "ParseException" OR "InvocationTargetException" OR "OutOfMemoryError")| rex "message=(?<ExceptionMessage>[^\n]+)"|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|cluster showcount=t t=0.6|table app_name, ExceptionMessage,cluster_count,_time, environment, pod_name,ns|dedup ExceptionMessage|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name,cluster_count as Count| stats values(*) as *
... View more
a week ago
@ITWhisperer I don't have only one and two rows . It could be 10 rows as well . I want how can I combine them from my query: My current query: index=abc ns=ab ("NullPointerException" OR "IllegalStateException" OR "IllegalArgumentException" OR "RuntimeException" OR "NumberFormatException" OR "NoSuchMethodException" OR "ClassCastException" OR "ParseException" OR "InvocationTargetException" OR "OutOfMemoryError")| rex "message=(?<ExceptionMessage>[^\n]+)"|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|cluster showcount=t t=0.6|table app_name, ExceptionMessage,cluster_count,_time, environment, pod_name,ns|dedup ExceptionMessage|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name,cluster_count as Count My Result APP_NAME ExceptionMessage Count Env aon1 nullpointer 1 E1 buy2 IllegalArgument 23 E1 ............................ And there can be several rows as well. I want like APP_NAME aon1 and buy2 should come in one row instead of two rows, Can you guide me how to achieve this.
... View more
a week ago
@ITWhisperer I dont want columns to be rows and rows to be columns. Currently my search results is coming like below: App_Name ExceptionMessage Count one nullpointer 38 one3 IllegalArgument 45 There are coming in different rows . I want them to be in single row so that I can send them via Incident in a single row. Can you guide me on this.
... View more
a week ago
Hi Everyone, I have one requirement. Below is my query: index=abc ns=ab ("NullPointerException" OR "IllegalStateException" OR "IllegalArgumentException" OR "RuntimeException" OR "NumberFormatException" OR "NoSuchMethodException" OR "ClassCastException" OR "ParseException" OR "InvocationTargetException" OR "OutOfMemoryError")| rex "message=(?<ExceptionMessage>[^\n]+)"|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|cluster showcount=t t=0.6|table app_name, ExceptionMessage,cluster_count,_time, environment, pod_name,ns|dedup ExceptionMessage|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name,cluster_count as Count I am getting multiple rows and column names are app_name, ExceptionMessage,cluster_count,_time, environment, pod_name,ns I want them to be in one row. All the app_name should be in one row, all excepton messages should be in one row Can soemone guide me on this.
... View more
Labels
- Labels:
-
chart
-
simple XML
2 weeks ago
@manjunathmeti I want like if 2 rows are coming in search result for alert then both rows should come in same incident Suppose these are the result I am getting: F1 appname k d c g Then when creating incident in uniquefield when I type $result.F1$ $result.appname$ Then both F1 and appname should come on same incident But currently I am getting only one in incident Can you guide me on this
... View more
2 weeks ago
Hi Everyone, Is that possible that we can send multiple row in one incident. My search query is below: index=abc ns=blazegateway ("NullPointerException" OR "IllegalStateException" OR "RuntimeException" OR "NumberFormatException" OR "NoSuchMethodException" OR "ClassCastException" OR "ParseException" OR "InvocationTargetException" OR "OutOfMemoryError")| rex "message=(?<ExceptionMessage>[^\n]+)"|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|cluster showcount=t t=0.9|table app_name, ExceptionMessage,cluster_count,_time, environment, pod_name,ns|dedup ExceptionMessage|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name,cluster_count as Count so I am getting 5(It can be more based on result) rows with different Exception messges. I want that all 5 rows should be there in one incident. But I am getting only first row fields Is that possible that all 5 rows will be in one incident
... View more
Labels
- Labels:
-
chart
-
simple XML
2 weeks ago
@manjunathmeti with this query also I am getting 3 rows. Is that possible that I can create one incident and then append rest of the rows in it.
... View more
2 weeks ago
@manjunathmeti I tried with this query as well: index=abc ns=blazegateway|stats count by app_name|eval f1="khushi"| streamstats count as temp | eval temp=floor(count/3) | stats values(*) as * by temp | fields - temp I am still getting 3 rows
... View more
2 weeks ago
@manjunathmeti I cant use csv or I can append result in single row because these are Exception messages and ol will be different. There could be 15 rows also. Is there any way that if search alert result in 5 rows one incident will be created and all the 5 rows will be appended to it. Is any functionality there .
... View more
2 weeks ago
@manjunathmeti In this way 2 Incidents are created for each row. I want only one Incident should be there and 2nd should be append to it. Because they are from the same result . Can you guide me is that possible
... View more
2 weeks ago
Hi Everyone, I am creating one alert: The search query is below: index=abc ns=blazegateway ERROR|rex field=_raw "ERROR(?<Error_Message>.*)" |eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")| eval Error_Message=if(Error_Message="\",",null,Error_Message)|cluster showcount=t t=0.2|table app_name, Error_Message ,cluster_count,_time, pod_name,ns |dedup Error_Message| rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name, cluster_count as Count I need to show all the Errors so I am fetching on keyword Error. My splunk log is below: Xms3096m -Xmx3096m -Dsidh_psf_spring_profile=e1 -Dspring.profiles.active=e1 -Dsidh_symmetric_cipher_key=MasVU4msfPLjItTYo1VLRgfi5VjJ46axIZ/9qTUAUmY= -Dio.javaagent.slf4j.simpleLogger.defaultLogLevel= ERROR ', ' -jar ', ' /opt/app-root/app.jar '] Dio.javaagent.slf4j.simpleLogger.defaultLogLevel = ERROR But the ERROR in above logs are not ERROR. I dont want them to come in alerts. what changes I should do in my search query to not get them but get rest of the Errors. Thanks in advance
... View more
Labels
- Labels:
-
chart
-
drilldown
-
simple XML
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Friday
|
Karma given to
