Activity Feed
- Posted Can this app be used for a self-hosted Trellix instance? on All Apps and Add-ons. 03-08-2024 07:44 AM
- Tagged Can this app be used for a self-hosted Trellix instance? on All Apps and Add-ons. 03-08-2024 07:44 AM
- Tagged Can this app be used for a self-hosted Trellix instance? on All Apps and Add-ons. 03-08-2024 07:44 AM
- Tagged Can this app be used for a self-hosted Trellix instance? on All Apps and Add-ons. 03-08-2024 07:44 AM
- Karma Re: Customize Order of Column Chart by sort_order Field for gcusello. 10-23-2023 08:07 AM
- Karma Re: Customize Order of Column Chart by sort_order Field for ITWhisperer. 10-23-2023 08:07 AM
- Karma Re: Customize Order of Column Chart by sort_order Field for gcusello. 10-23-2023 08:07 AM
- Posted Re: Customize Order of Column Chart by sort_order Field on Dashboards & Visualizations. 10-23-2023 05:56 AM
- Posted Re: Customize Order of Column Chart by sort_order Field on Dashboards & Visualizations. 10-23-2023 05:51 AM
- Posted Re: Customize Order of Column Chart by sort_order Field on Dashboards & Visualizations. 10-23-2023 05:45 AM
- Posted Customize Order of Column Chart by sort_order Field on Dashboards & Visualizations. 10-20-2023 02:08 PM
Topics I've Started
03-08-2024
07:44 AM
IHAC that is trying to ingest logs from their self-hosted Trellix instance. When I try to add an account, the URL field only lists: Global Frankfort India Singapore Sydney There is no other input field to specify an actual FQDN/IP. Am I missing something, or is this feature not present?
... View more
- Tags:
- account
- ip
- self-hosted
Labels
- Labels:
-
configuration
10-23-2023
05:56 AM
I wound up coming up with a solution. Any spaces at the start of the field will be truncated when Splunk builds that chart. I made a sort_order field that adds spaces to the start of the field value. The more spaces, the earlier in the chart order the field is placed. Here's the code now: <Base Search>
| eval sort_order=case(
income=="$24,000 and under"," $24,000 and under",
income=="$25,000 - $39,999"," $25,000 - $39,999",
income=="$40,000 - $79,999"," $40,000 - $79,999",
income=="$80,000 - $119,999"," $80,000 - $119,999",
income=="$120,000 - $199,999"," $120,000 - $199,999",
income=="$200,000 or more","$200,000 or more")
| chart count by sort_order
... View more
10-23-2023
05:51 AM
Sadly, this didn't work. The rename won't change the column values. I have found a solution though, thank you.
... View more
10-23-2023
05:45 AM
This didn't work. The chart doesn't respond to the sort order. Thanks for the attempt though.
... View more
10-20-2023
02:08 PM
I'm working on a column chart visualization that show income ranges: "$24,999 and under" "$25,000 - $99,999" "$100,000 and up" The problem is that when the column chart orders them, it puts "$100,000 and up" first instead of last. I've created an eval that assigns a sort_order value based on the field value that orders them correctly. However, I can't figure out how to get the column chart to sort according to that field. This is what I'm currently trying: | eval sort_order=case(income=="$24,000 and under",1,income=="$25,000 - $39,999",2,income=="$40,000 - $79,999",3,income=="$80,000 - $119,999",4,income=="$120,000 - $199,999",5,income=="$200,000 or more",6)
| sort sort_order
| chart count by income Here's the visualization: Is there some other way to accomplish this?
... View more
Labels
- Labels:
-
chart
-
Dashboard Studio
