×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
kanthurao
Engager
Member since: ‎10-09-2021
‎10-11-2021
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-09-2021
View All

Re: How to pass two different values to Dashboard ...

by in Dashboards & Visualizations
‎10-10-2021 09:53 AM
‎10-10-2021 09:53 AM
@kamlesh_vaghela  When I changed to Traffic, it's not working. Please check screen shot.   ... View more

Re: How to pass two different values to Dashboard ...

by in Dashboards & Visualizations
‎10-10-2021 08:15 AM
‎10-10-2021 08:15 AM
@kamlesh_vaghela  Thank you for looking into this. But Dev1 is not adding into query for "roadsui", it's only adding to "roadsbatchDev1".  Expected: env=roadsuiDev1 OR env=roadsbatchDev1 Actual:  env=roadsui OR env=roadsbatchDev1 ... View more

Re: How to pass two different values to Dashboard ...

by in Dashboards & Visualizations
‎10-09-2021 01:52 PM
‎10-09-2021 01:52 PM
@kamlesh_vaghela    But I wanted Dev1 to be added to that query. and if I change to another environment like Dev2, it should change to Dev2. index=*_dev sourcetype=WebSphere* OR sourcetype=http* env=roadsuiDev1 OR env=roadsbatchDev1 NOT source=*/nodeagent/* NOT source=*/dmgr/* NOT source=*native_stdout* NOT source=*native_stderr* | stats min(_time) as FirstTime, max(_time) as lastTime by host index sourcetype source | convert ctime(FirstTime) | convert ctime(lastTime)</set> ... View more

How to pass two different values to Dashboard quer...

by in Dashboards & Visualizations
‎10-09-2021 07:23 AM
‎10-09-2021 07:23 AM
We have multiple environments and we have to check whether splunk logs indexed or not. Based on environment we have to run query. In this below query, it's running as: (Dev1 is missing in env=trafficui) index=*_dev sourcetype=WebSphere* OR sourcetype=http* env=trafficui OR env=trafficbatchDev1 NOT source=*/nodeagent/* NOT source=*/dmgr/* NOT source=*native_stdout* NOT source=*native_stderr* | stats min(_time) as FirstTime, max(_time) as lastTime by host index sourcetype source | convert ctime(FirstTime) | convert ctime(lastTime)</set>   But I wanted like: index=*_dev sourcetype=WebSphere* OR sourcetype=http* env=trafficuiDev1 OR env=trafficbatchDev1 NOT source=*/nodeagent/* NOT source=*/dmgr/* NOT source=*native_stdout* NOT source=*native_stderr* | stats min(_time) as FirstTime, max(_time) as lastTime by host index sourcetype source | convert ctime(FirstTime) | convert ctime(lastTime)</set>   Original Query: <form> <label>DEV1 - Logs Indexed</label> <fieldset submitButton="false" autoRun="true"> <input type="dropdown" token="env_tok" searchWhenChanged="true"> <label>Select Environment</label> <choice value="Dev1">DEV1</choice> <choice value="Dev2">DEV2</choice> <default>Dev1</default> <initialValue>Dev1</initialValue> </input> <input type="dropdown" token="app_tok" searchWhenChanged="true"> <label>Select Application</label> <fieldForLabel>env</fieldForLabel> <fieldForValue>env</fieldForValue> <choice value="trafficui OR env=trafficbatch">Traffic</choice> <choice value="roadsui OR env=roadsbatch">Roads</choice> <change> <condition value="Roads"> <set token="new_search">index=*_dev sourcetype=WebSphere* OR sourcetype=http* env=$app_tok$$env_tok$ NOT source=*/nodeagent/* NOT source=*/dmgr/* NOT source=*native_stdout* NOT source=*native_stderr* | stats min(_time) as FirstTime, max(_time) as lastTime by host index sourcetype source | convert ctime(FirstTime) | convert ctime(lastTime)</set> </condition> <default>Roads</default> <initialValue>Roads</initialValue> </input> <input type="time" searchWhenChanged="true"> <label>Select Date</label> <default> <earliest>-1d@d</earliest> <latest>now</latest> </default> </input> </fieldset> <row> <panel> <table> <search> <query>$new_search$ </query> </search> <option name="showPager">true</option> <option name="count">50</option> <option name="dataOverlayMode">none</option> <option name="drilldown">none</option> <option name="percentagesRow">false</option> <option name="refresh.display">progressbar</option> <option name="rowNumbers">false</option> <option name="totalsRow">false</option> <option name="wrap">true</option> </table> </panel> </row> </form> ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-11-2021 02:29 PM