×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
yaharga
Path Finder
Member since: ‎03-13-2022
‎06-03-2022
Community Statistics
Posts 13
Solutions 0
Karma Given 6
Karma Received 0
Member Since ‎03-13-2022
Activity Feed
View All

Re: How to use a field outside of map as map's sea...

by SplunkTrust in Splunk Search
‎06-03-2022 04:04 AM
1 Karma
‎06-03-2022 04:04 AM
1 Karma
Double $ should be OK for dashboards https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-run-query-returned-from-Rest/m-p/598166#M208295  ... View more

Re: Token used in search is verbose rather than th...

by in Dashboards & Visualizations
‎04-05-2022 11:54 AM
‎04-05-2022 11:54 AM
I knew eval was meant for evaluation and set was not the right thing to use when evaluating, but I went for using set because of two reasons: In some situations I did not have to resort to double quoting my tokens. For some reason on some dashboards using eval didn't set the token, must've been an error on my end. I thought that because it worked in one place, it'll work everywhere. Also didn't know eval can bubble up. Great catch! Thanks for walking me through it. ... View more

How can I set a token to be all dynamic choices of...

by in Dashboards & Visualizations
‎03-15-2022 09:55 AM
‎03-15-2022 09:55 AM
I have a dashboard with a multiselect that is populated dynamically using a search. When "All" is selected, I'm setting a different token with "*" (I'm using the hack found here to remove "All"). My multiselect is populated with choices dependent on other inputs. I want to make the "All" basically be all the choices, as opposed to "*", since it will go out of the scope of the available choices.   Anyway I can do that? Set a different token as all the choices every time "All" is selected? ... View more
Labels

Re: Metadata and tstats give different sources: Ho...

by SplunkTrust in Getting Data In
‎03-15-2022 06:34 AM
‎03-15-2022 06:34 AM
Make sure you are running both searches in the same time range. Otherwise, I don't see any reason for them to show different results.   how can I search for all the increments of the source if I know what it is? * You can use the search with metadata command. * But you generally don't need it because Splunk will always monitor tortor-adaptor.log file not the rolled over filed (tortor-adaptor.log.1, tortor-adaptor.log.2, etc) * So when you start logging for the first time only at that time it will monitor rolled-over files. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-03-2022 07:58 AM
Karma given to
View All