cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Coffeebean
Explorer
Member since: ‎07-21-2021
‎07-30-2021
Community Statistics
Posts 5
Solutions 2
Karma Given 1
Karma Received 0
Member Since ‎07-21-2021
View All

Re: Using job.resultCount to add up multiple Singl...

by in Dashboards & Visualizations
‎07-30-2021 04:57 AM
‎07-30-2021 04:57 AM
I should have thought about it five minutes longer. I solved it now. You can use $result.count$ to access the internal field of the search.   <done> <condition match="'result.count' = 0"> <set token="panel_failedLogons">0</set> </condition> <condition> <set token="panel_failedLogons">1</set> </condition> </done>    Maybe this will help somebody else. ... View more

Using job.resultCount to add up multiple SingleVal...

by in Dashboards & Visualizations
‎07-30-2021 04:43 AM
‎07-30-2021 04:43 AM
Hello there, im trying to work with the job.resultCount token, but I can't really figure it out. I have this pretty basic search: Its supposed to return the amount of login attempts, grouped by user and with more than 1 attempt per day. I display the result ( 0 ) as a SingleValue panel in my dashboard. Now I want to sump up this result and results from other SingleValue Panels into a new Panel, to see how many patterns returned at least one result. To get that information, I use the below code to set a token for each panel, which will be added up later. <done> <condition match="'job.resultCount' = 0"> <set token="panel_failedLogons">0</set> </condition> <condition> <set token="panel_failedLogons">1</set> </condition> </done>  Problem is, as the | stats count command creates a row displaying 0 results, its counts as a result and therefor the token is set to 1. I also cannot use job.eventCount as there may be single failed login attempts for a user. Any ideas how I can bypass/solve this particular problem? ... View more
Labels

Re: Count searches with results

by in Dashboards & Visualizations
‎07-28-2021 08:20 AM
‎07-28-2021 08:20 AM
@jhanvidattani  Thanks for the answer, but that looks like a XML solution. As i tried this method with Dashboard Studio, which doesn't support XML, this will probably not work. I will try to redesign my project with the old Dashboard builder. ... View more

Count searches with results

by in Dashboards & Visualizations
‎07-21-2021 08:02 AM
‎07-21-2021 08:02 AM
Hey there, I just started with splunk. Currently I'm testing the new dashboard studio feature. I would like to count all searches with 1 or more found events on my dashboard. In case of the attached picture, I would like to display 3 in the upper SingleValue field. If the search for Event 2 has 0 results, i would like to display a 2, and so on. Is there a simple and scalable solution to this, if I want to add more searches to the dashboard later on? Thank you in advance! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-30-2021 11:10 AM
Karma given to
View All