Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About biju_babu
biju_babu
Explorer
Member since:
06-05-2022
11-11-2022
Community Statistics
| Posts | 13 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 2 |
| Member Since | 06-05-2022 |
Activity Feed
- Got Karma for Re: How to use JavaScript code in Splunk Cloud dashboard ?. 02-07-2024 03:00 PM
- Got Karma for Re: How to use JavaScript code in Splunk Cloud dashboard ?. 01-20-2023 04:37 AM
- Posted Re: How to use JavaScript code in Splunk Cloud dashboard ? on Dashboards & Visualizations. 11-11-2022 04:02 AM
- Tagged Re: How to use JavaScript code in Splunk Cloud dashboard ? on Dashboards & Visualizations. 11-11-2022 04:02 AM
- Posted Re: How can I apply JavaScript on a multiselect dropdown menu? on Dashboards & Visualizations. 11-11-2022 04:01 AM
- Posted Re: subsearch with static result on Splunk Search. 11-04-2022 06:37 AM
- Posted Re: subsearch with static result on Splunk Search. 11-04-2022 05:53 AM
- Posted Re: subsearch with static result on Splunk Search. 11-04-2022 03:58 AM
- Posted Re: subsearch with static result on Splunk Search. 11-04-2022 03:46 AM
- Posted How to achieve subsearch with static result? on Splunk Search. 11-04-2022 01:14 AM
- Posted Re: How to use an evaluated field in search command? on Splunk Search. 06-06-2022 01:05 PM
- Posted Re: dropdown token display name and value on Splunk Search. 06-06-2022 06:59 AM
- Karma Re: dropdown token display name and value for gcusello. 06-06-2022 06:59 AM
- Posted Re: dropdown token display name and value on Splunk Search. 06-06-2022 04:14 AM
- Posted Is it possible to get dropdown token display name and value? on Splunk Search. 06-06-2022 02:50 AM
- Tagged Is it possible to get dropdown token display name and value? on Splunk Search. 06-06-2022 02:50 AM
- Posted Re: Search with evaluated field on Splunk Search. 06-05-2022 01:14 PM
- Posted How to use an evaluated field in search command? on Splunk Search. 06-05-2022 11:28 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
11-11-2022
04:02 AM
2 Karma
Is there a way to add the java script in xml inline? I am using cloud version and don't have rights to add the script in path.
... View more
11-11-2022
04:01 AM
Is there a way to add the java script in xml inline. I am using cloud version and don't have rights to add the script in path.
... View more
11-04-2022
06:37 AM
Looks like replacing makeresults with search command is working correctly. Thanks @gcusello
... View more
11-04-2022
05:53 AM
That is what my initial question was. I don't want to do a search as the value i am expecting from subsearch is static. Is there any other way to get result? With full search, results is getting repeated for the given time duration. Verified the result with | makeresults. I am getting the result as (((apps="app/yellow*" OR apps="app/green*")))
... View more
11-04-2022
03:58 AM
it is not working when ending up fields also. This is what i am testing: index=main servicetype="aws:accesslogs" [ search | eval prods="[{\"product\":\"101\",\"color\":[\"red\",\"green\",\"blue\"]},{\"product\":\"102\",\"color\":[\"yellow\",\"green\"]}]" | spath path={} input=prods output=prodcols| mvexpand prodcols| spath input=prodcols | rename color{} as colors | where 'product' = "102" | eval result="app/".mvjoin(colors,",app/") | rex field=result mode=sed "s/,/*,/g" | eval result=result."*" | eval apps=split(result,",") | fields apps When i replace the string coming from |format into main query, i am getting the result. Can you please check what is wrong in this?
... View more
11-04-2022
03:46 AM
it is not working when ending up fields also. This is what i am testing: index=main servicetype="aws:accesslogs" [ search | eval prods="[{\"product\":\"101\",\"color\":[\"red\",\"green\",\"blue\"]},{\"product\":\"102\",\"color\":[\"yellow\",\"green\"]}]" | spath path={} input=prods output=prodcols| mvexpand prodcols| spath input=prodcols | rename color{} as colors | where 'product' = "102" | eval result="app/".mvjoin(colors,",app/") | rex field=result mode=sed "s/,/*,/g" | eval result=result."*" | eval apps=split(result,",") | fields apps When i replace the string coming from |format into main query, i am getting the result. Can you please check what is wrong in this?
... View more
11-04-2022
01:14 AM
I want to achieve something like this:
index=main servicetype="aws:accesslogs" (apps in ("app1","app2","app3"))
note: app1, app2, app3 are static value which is extracted from static json object (not coming from search)
I want to build subsearch to get the extract values from json and use it in primary search. Which of the generating command i can use in subsearch?
I am not getting result when i use search command. when i run the subsearch separately with makeresults i get the value.
... View more
Labels
- Labels:
-
subsearch
06-06-2022
01:05 PM
what if i use "where" command to set the source. does it impact the performance? Example using #2 instead of #1 1. index=main sourcetype="access_combined" source="app1" 2. index=main sourcetype="access_combined" | where match(source,"app1")
... View more
06-06-2022
06:59 AM
Thanks Giuseppe. by the way i was using dashboard studio not the classic xml. I was thinking another way to do this by using token value as string with both values separated by some character (;) and use split method to get the value. I will check you method too. Thanks a lot
... View more
06-06-2022
04:14 AM
Actually, i want to set source as display_Name and use value in search for example - index=main sourcetype="access_combined" source="App1" | search "Value1*" is there any simple way to achieve this?
... View more
06-06-2022
02:50 AM
Hi
I have a dropdown in my dashboard studio which has some static values like
TokenName: appName
Display Name
Value
App1
Value1
App2
Value2
In my search query, i need to use both display name and value. We can get the value using $appName$ but is it possible to also get display name?
Hoping for a help. Thanks
... View more
- Tags:
- dashboard
Labels
- Labels:
-
other
06-05-2022
01:14 PM
sorry - that is not working. Basically, I need to execute command like this index=main sourcetype="access_combined" "*search-val2*" where "search-val2" get evaluate from pipe(|) separated string
... View more
06-05-2022
11:28 AM
Could you please let me know how to use an evaluated field in search command
index=main sourcetype="access_combined"
| eval field1="search-val1|search-val2"
| eval searchval=mvindex(split(field1,"|"),1)
| search "*search-val2*"
I am trying to create a dashboard with one of the search as above. I get the field1 value from dropdown list in dashboard. Something like
| eval field1 = $searchkey$
The above works with the static value in search command but I am trying to use searchval field in search command like
| search 'searchval'
Can someone help? Thanks for the help.
... View more
- Tags:
- splunk-search
Labels
- Labels:
-
eval
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-11-2022
07:24 AM
|
