About aditsss

aditsss

@gcusello Is that possible that we can show Custom Message under with "NO RESULT FOUND" text in proper panel. I had tried something like this: <dashboard> <label>No Data Found Dashboard</label> <row> <panel> <html depends="$search_msg$"> <h3 style="margin: 60px 0 50px 10px;">$search_msg$</h3> </html> <chart rejects="$search_msg$"> <title>Overall User Licenses</title> <search> <query> index=wineventlog user="*.ad" TaskCategory="Security Group Management" | timechart span=10m count |reverse </query> <done> <title>Overall Salesforce User Licenses</title> <condition match="'job.resultCount' > 0"> <unset token="search_msg"/> </condition> <condition> <set token="search_msg">No Activity Found</set> </condition> </done> </search> ... </chart> </panel> </row> </dashboard> But when there is NO DATA it is coming as "NO ACTIVITY FOUND" . I want at least t it should come up with the title Overall User Licenses in panel. How can I achieve that.

aditsss

Hi Everyone, I have created hyperlink like below: <html depends="$show_html$"> <div style="font-weight:bold;font-size:200%;text-align:center;color:red"> If you considered it as Error. Please Contact <a href="your_link" target="_blank"> O2-Site-Reliability-Engineering Team.</a> </div> </html> I want when I should click on this hyperlink .It should open Email with O2-Site-Reliability-Engineering <o2-site-reliability-engineering@sg.com> Can some one guide me on this.

aditsss

@TheFlash I want to redirect to mail. Like when I click on this it should open mail.

aditsss

Hi Everyone, How we can open a mail one hyperlink in splunk. Below is my text: <html depends="$show_html$"> <div style="font-weight:bold;font-size:200%;text-align:center;color:red"> If you considered it as Error. Please Contact O2-Site-Reliability-Engineering Team. </div> </html> I want that O2-SIte-Reliability Engineering team should be a hyperlink and on clicking on this.It should open a mail. Can someone guide me on this.

aditsss

@gcusello some logs contains like this as well. 2021-04-13 23:54:25,867 INFO [NiFi Web Server-56517] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<adasg17><CN=com, OU=Middleware Utilities, L=Phoenix, ST=Arizona, C=US>) GET https://lpdosputb50090.phx.p.com:9091/nifi-api/flow/process-groups/f9d9372e-b5ee-1c7b-b319-2601b4c87428 I want only one column for both. How can I extract

aditsss

Hi Everyone, Can someone guide me . How I can extract the below highlighted field from the logs: 2021-04-13 23:54:59,614 INFO [NiFi Web Server-54351] o.a.n.w.s. Attempting request for (<kdave7><l.com><CN=.com, OU=Middleware Utilities,L=Phoenix, ST=Arizona, C=US>) PUT https://lpdosputb50088.phx.bvc.com:9091/nifi-api/process-groups/9c673790-e123-1a1b-9c0d-d1adf4af91cb/variable-registry 2021-04-13 23:54:59,617 INFO [NiFi Web Server-201257] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<kdave7>><CN=lpdosputb50090.phx.aexp.com, OU=Middleware Utilities, L=Phoenix, ST=Arizona, C=US>) PUT https://lpdosputb50089.phx.abc.com:9091/nifi-api/process-groups/9c673790-e123-1a1b-9c0d-d1adf4af91cb/variable-registry 2021-04-13 23:54:41,185 INFO [NiFi Web Server-54256] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<JWT token>) GET https://ecpnifiblaze-dev.poi.com/nifi-api/processors/cbd8ff04-0178-1000-0000-000035805b48

aditsss

@gcusello This is the code for this complete panel. <row> <panel> <title>Number of Licenses (Total, Used , Unused)</title> <input type="dropdown" token="license" searchWhenChanged="true"> <label>Licenses (Total, Unused, Used)</label> <choice value="a">Total</choice> <choice value="b">Unused</choice> <choice value="c">Used</choice> <default>a</default> <change> <condition value="a"> <unset token="b-details"></unset> <unset token="c-details"></unset> <set token="a-details"></set> </condition> <condition value="b"> <unset token="a-details"></unset> <unset token="c-details"></unset> <set token="b-details"></set> </condition> <condition value="c"> <unset token="a-details"></unset> <unset token="b-details"></unset> <set token="c-details"></set> </condition> </change> </input> </panel> </row> This dropdown value consists of 3 values Total, Used , Unused so there is no search query in it. How can I show custom message for this particular one

aditsss

@gcusello This panel only consists of dropdown. So I am not able to show custom message on this particular panel. How can I achieve this.

aditsss

Hi Everyone, I need to create one hyperlink in my top menu bar. I tried with following code. But its not working. <collection> <li><a href="O2 Team">O2 Team</a></li> </collection> I just want it as a static link as of now. Can someone guide me how to create it.

aditsss

@gcusello yes my previous question is answered, The thing that I want now is there are some panels which does not include queries . There I am not able to display custom messages. I want to display in each and every panel. Is there any way to do that. Below is my code for that panel: <row> <panel> <title>Number of Licenses (Total, Used , Unused)</title> <input type="dropdown" token="license" searchWhenChanged="true"> <label>Licenses (Total, Unused, Used)</label> <choice value="a">Total</choice> <choice value="b">Unused</choice> <choice value="c">Used</choice> <default>a</default> <change> <condition value="a"> <unset token="b-details"></unset> <unset token="c-details"></unset> <set token="a-details"></set> </condition> <condition value="b"> <unset token="a-details"></unset> <unset token="c-details"></unset> <set token="b-details"></set> </condition> <condition value="c"> <unset token="a-details"></unset> <unset token="b-details"></unset> <set token="c-details"></set> </condition> </change> </input> </panel> </row>

aditsss

Hi Everyone, I have one requirement. I have one dashboard which consists of multiple panels. when there is NO DATA its showing "NO RESULT FOUND" but I want to display one message "It is Error" I am able to display it at top. But I want to display at each and every panel. Below are my two queries for 2 panels. I want to display in Both. <row> <panel> <chart> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Count</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.maximumNumber">999999</option> <option name="charting.axisY.minimumNumber">0</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">column</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">all</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.placement">top</option> <option name="height">400</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> <row> <panel> <table> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |stats sum(TotalLicenses) as "Total-Licenses" sum(UsedLicenses) as "Used Licenses" sum(UnusedLicenses) as "Unused Licenses" by LicenseName OrgName SalesforceOrgId | sort -Total-Licenses</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="count">30</option> <option name="dataOverlayMode">none</option> <option name="drilldown">row</option> <option name="rowNumbers">false</option> <option name="wrap">false</option> <fields>["LicenseName","OrgName","SalesforceOrgId","Total-Licenses","Used Licenses","Unused Licenses"]</fields> </table> </panel> </row>

aditsss

@gcusello I have done something like this: <row> <panel> <chart rejects="$show_html$"> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> <progress> <condition match="$job.resultCount$ == 0"> <set token="show_html">true</set> </condition> <condition> <unset token="show_html"/> </condition> </progress> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Count</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.maximumNumber">999999</option> <option name="charting.axisY.minimumNumber">0</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">column</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">all</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.placement">top</option> <option name="height">400</option> <option name="refresh.display">progressbar</option> </chart> <html depends="$show_html$"> <div style="font-weight:bold;font-size:150%;text-align:center;color:red"> If you considered it as Error. Please Contact O2 Monitoring team. </div> </html> </panel> But from this its showing only at the top . But I want in each and every panel. How can I achieve this

aditsss

@gcusello Below is my dashboard query. Can you guide me how I can achieve this here. <form theme="dark"> <label>Salesforce User Licenses Dashboard Clone39</label> <row> <panel> <chart> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Count</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.maximumNumber">999999</option> <option name="charting.axisY.minimumNumber">0</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">column</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">all</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.placement">top</option> <option name="height">400</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> <row> <panel> <table> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |stats sum(TotalLicenses) as "Total-Licenses" sum(UsedLicenses) as "Used Licenses" sum(UnusedLicenses) as "Unused Licenses" by LicenseName OrgName SalesforceOrgId | sort -Total-Licenses</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="count">30</option> <option name="dataOverlayMode">none</option> <option name="drilldown">row</option> <option name="rowNumbers">false</option> <option name="wrap">false</option> <fields>["LicenseName","OrgName","SalesforceOrgId","Total-Licenses","Used Licenses","Unused Licenses"]</fields> </table> </panel> </row> </form> I have 5 panels. How can I do this. I have posted for two panels. Can you guide me how to achieve this. Thanks in advance.

aditsss

Hi Everyone, I have one requirement. I want when there is No DATA in the dashboard currently its showing like "NO RESULTS FOUND" for all the dashboards. I want to show some custom messages like "Contact to Team" How can I show that. Can someone guide me.

aditsss

@ITWhisperer Thank you so much

aditsss

Hi Everyone, Is there any way to not send the reports when there is no data in it. I know this option is available in alerts. But is there any option for Reports. Please let me know. Thanks in advance

aditsss

Hi Everyone, I have one requirement. I have multiple dashboards and data is not coming from last 60 days. So I have remove DATE/Time range drop down. what I want is suppose for one of the Dashboard the data is last available is on 26th Feb. So it should display data of 26th Feb. How can I pass Date parameter so that it can display the latest last data available Below is my query for one panel <row> <panel> <chart> <title>Overall Salesforce User Licenses</title> <search> <query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query> <earliest>$field1.earliest$</earliest> <latest>$field1.latest$</latest> </search> <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> <option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option> <option name="charting.axisTitleX.visibility">visible</option> <option name="charting.axisTitleY.text">Count</option> <option name="charting.axisTitleY.visibility">visible</option> <option name="charting.axisTitleY2.visibility">visible</option> <option name="charting.axisX.scale">linear</option> <option name="charting.axisY.maximumNumber">999999</option> <option name="charting.axisY.minimumNumber">0</option> <option name="charting.axisY.scale">log</option> <option name="charting.axisY2.enabled">0</option> <option name="charting.axisY2.scale">inherit</option> <option name="charting.chart">column</option> <option name="charting.chart.bubbleMaximumSize">50</option> <option name="charting.chart.bubbleMinimumSize">10</option> <option name="charting.chart.bubbleSizeBy">area</option> <option name="charting.chart.nullValueMode">gaps</option> <option name="charting.chart.showDataLabels">all</option> <option name="charting.chart.sliceCollapsingThreshold">0.01</option> <option name="charting.chart.stackMode">default</option> <option name="charting.chart.style">shiny</option> <option name="charting.drilldown">all</option> <option name="charting.layout.splitSeries">0</option> <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> <option name="charting.legend.placement">top</option> <option name="height">400</option> <option name="refresh.display">progressbar</option> </chart> </panel> </row> I will remove the earliest and latest as I have remove the Date/Time dropdown Can anyone guide me on this.

aditsss

Hi Everyone, I am using below query: index=abc ns=blazegateway|stats count by app_name|eval f1="hg" I am getting result as : app_name count f1 abc 1 hg bcd 2 hg My requirement is for my column f1 I am getting hg in both rows I want some other name in 2nd row What changes I should do in my query

aditsss

@ITWhisperer This is fine But the problem I am facing is For below query: APP_NAME ExceptionMessage Count Env aon1 nullpointer 1 E1 buy2 IllegalArgument 162 E1 when I am combining this with | stats values(*) as * in my search query its combining like below: APP_NAME ExceptionMessage Count Env aon1 nullpointer 162 E1 buy2 IllegalArgument 1 E1 The counts are not coming proper 162 count is for IllegalArgument not for null pointer

aditsss

@ITWhisperer I want like in this way: APP_NAME ExceptionMessage Count Env aon1 nullpointer 1 E1 buy2 IllegalArgument 23 E1 ............................ Then both APP_NAME aon1 and buy2 should be in one row similar way ExceptionMessage nullpointer and IllegalArgument both should be in same row similar for count both 1 and 23 should be in same row And same for Environment. Is this correct: index=abc ns=ab ("NullPointerException" OR "IllegalStateException" OR "IllegalArgumentException" OR "RuntimeException" OR "NumberFormatException" OR "NoSuchMethodException" OR "ClassCastException" OR "ParseException" OR "InvocationTargetException" OR "OutOfMemoryError")| rex "message=(?<ExceptionMessage>[^\n]+)"|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|cluster showcount=t t=0.6|table app_name, ExceptionMessage,cluster_count,_time, environment, pod_name,ns|dedup ExceptionMessage|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name,cluster_count as Count| stats values(*) as *

Posts	375
Solutions	0
Karma Given	92
Karma Received	7
Member Since	‎08-16-2020

Online Status	Offline
Date Last Visited	Sunday

How to redirect a hyperlink to EMail

How to open a mail from a hyperlink in splunk

How to extract the field from the raw data

How to create a hyperlink in main menu

How to display messages instead of "No Result Fou...

How to Display a custom Message instead of "No res...

How to not send the Empty Reports from splunk

How to show the Data from last good date from whe...

How to get two different field names

How to combine multiple rows into single row

Re: How to display messages instead of "No Result...

How to redirect a hyperlink to EMail

Re: How to open a mail from a hyperlink in splunk

How to open a mail from a hyperlink in splunk

Re: How to extract the field from the raw data

How to extract the field from the raw data

Re: How to display messages instead of "No Result...

Re: How to display messages instead of "No Result...

How to create a hyperlink in main menu

Re: How to display messages instead of "No Result...

How to display messages instead of "No Result Fou...

Re: How to Display a custom Message instead of "No...

Re: How to Display a custom Message instead of "No...

How to Display a custom Message instead of "No res...

Re: How to get two different field names

How to not send the Empty Reports from splunk

How to show the Data from last good date from whe...

How to get two different field names

Re: How to combine multiple rows into single row

Re: How to combine multiple rows into single row