Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Anush
Anush
Engager
Member since:
10-28-2020
11-19-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-28-2020 |
Activity Feed
- Posted Re: How to get all the values in y axis - Visualization Tab on Splunk Search. 11-19-2020 03:35 PM
- Posted Re: How to get all the values in y axis - Visualization Tab on Splunk Search. 11-18-2020 04:09 PM
- Tagged Re: How to get all the values in y axis - Visualization Tab on Splunk Search. 11-18-2020 04:09 PM
- Tagged Re: How to get all the values in y axis - Visualization Tab on Splunk Search. 11-18-2020 04:09 PM
- Posted Re: How to get all the values in y axis - Visualization Tab on Splunk Search. 11-18-2020 02:53 PM
- Tagged Re: How to get all the values in y axis - Visualization Tab on Splunk Search. 11-18-2020 02:53 PM
- Tagged Re: How to get all the values in y axis - Visualization Tab on Splunk Search. 11-18-2020 02:53 PM
- Posted How to get all the values in y axis - Visualization Tab on Splunk Search. 11-17-2020 07:51 PM
- Tagged How to get all the values in y axis - Visualization Tab on Splunk Search. 11-17-2020 07:51 PM
- Posted Re: How to extract the field value which has space on Splunk Search. 11-01-2020 02:24 PM
- Posted How to extract the field value which has space on Splunk Search. 10-28-2020 09:57 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
11-19-2020
03:35 PM
Alrighty! but I have seen somewhere that this is possible to have multiple bars in y axis for a single value in x axis. So, wanted to check if that was possible.
... View more
11-18-2020
04:09 PM
So, one of the values in the y axis will be count which is numeric. Can we display the other values as text? Is that possible? If we move the hoover over the bar, it displays the values as "Endpoint Email" and if we move to other bar , it displays the FileName as "User "report.text " I have attached the Screenshot
... View more
11-18-2020
02:53 PM
This is the statistical view of my search. I need to have LoginName on the x axis and all the other values(Endpoint Channel, Destination, FileName, PolicyName, IncidentTime and count) for each and every loginName on Y axis. Like the below, X axis- LoginName , Y axis- All the values of LoginName Is that possible?
... View more
11-17-2020
07:51 PM
Hi All, How do we all the values for a single field? Currently, the chart is displayed with the LoginName(x axis) with the count of LoginName(Y axis). Please see below ScreenShot, What is needed- Display all the values(Endpoint channel, Destination, FileName,IncidentTime, Count) of the each and every LoginName. Screenshot below, Currently, I am not getting these values and only getting count of LoginName. This is the query that is used, index="prod" sourcetype="*" |rex "sourceServiceName=(?<sourceServiceName>[\w\s]+)\s+\w+=" |rex "duser=(?<duser>[\w\s]+)\s+\w+=" |rex "fname=(?<fname>[\w\s]+)\s+\w+=" |rex "cat=(?<cat>[\w\s]+)\s+\w+=" |rename sourceServiceName as EndpointChannel duser as Destination loginName as LoginName fname as FileName _time as IncidentTime cat as PolicyName |fieldformat IncidentTime = strftime(IncidentTime, "%Y/%m/%d %H:%M:%S") |top showperc=f EndpointChannel Destination FileName PolicyName IncidentTime by LoginName | sort -IncidentTime This query works only in Statistics view and when I click the visualization, I'm not getting the other values. Can someone please help? TIA
... View more
- Tags:
- visualization
Labels
- Labels:
-
other
10-28-2020
09:57 PM
Below is the sample field value from the event, sourceServiceName=Endpoint Web analyzedBy=Policy Engine Status=New Success=True By default, the field value detects only Endpoint and not the full text Endpoint Web Som I used the below rex command but it didn't work, rex "sourceServiceName=(?<sourceServiceName>[^\"]+)" - This one fetches all the text starting from "Endpoint to end of that event" Also the value of the field sourceServiceName can be anything, i.e -Endpoint Web or Endpoint Printing Endpoint USB etc. First word -Endpoint Second word -any can any word I want to fetch only the value of field serviceSourceName Can you please help?
... View more
Labels
- Labels:
-
rex
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-19-2020
07:50 PM
|
