cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sajalbansal2
Explorer
Member since: ‎06-17-2022
‎08-31-2022
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎06-17-2022
Activity Feed
View All

Re: Splunk Dashboard panel display depending on us...

by in All Apps and Add-ons
‎07-22-2022 07:22 AM
‎07-22-2022 07:22 AM
Below is the code that I have recently edited. I suppose it will try to give an idea of what I want to achieve. Although, this is not working: <drilldown> <set token="catch_value">$click.value$</set> <eval>    if("$catch_value$"=='productA',<set token="showpanelofA">true</set>,<unset  token="showpanelofA">true</unset>) </eval> <eval>     if("$catch_value$"=='productB',<set token="showpanelofB">true</set>,<unset token="showpanelofB">true</unset>) </eval> <eval> if("$catch_value$"=='productC',<set token="showpanelofC">true</set>,<unset token="showpanelofC">true</unset>) </eval> </drilldown> ... View more

How to create Splunk Dashboard panel display depen...

by in All Apps and Add-ons
‎07-22-2022 05:55 AM
‎07-22-2022 05:55 AM
Hi All, I want to display a panel depending on the value clicked by a user from a table of results. Let me explain the problem with below example: Say I have a dashboard which lists top 3 products sold and their related figures. Panel 1 = top 3 products sold. (let products names be A, B and C) Panel 2 = this is an interactive panel which displays sales figures and more information about product A, only when a user clicks on the product A event from panel 1. Panel 3 = this is an interactive panel which displays sales figures and more information about product B, only when a user clicks on the product B event from panel 1. Panel 4 = this is an interactive panel which displays sales figures and more information about product C, only when a user clicks on the product C event from panel 1. This means at a time my dashboard would display only 2 panels, panel 1 and panel 2 or 3 or 4 (depending on the product event clicked by the user). My approach to solve this: I am trying to use drilldown on panel 1 to capture the clicked value from it and storing it in a token. Then I am using <condition> to match the value captured in that token to set and unset tokens related to panels 2, 3 and 4. Then I'm using these tokens to show (depends) and hide (rejects) panels 2,3 and 4. Doing this, I'm getting warnings such as "<set> is not allowed in condition-drilldown block" etc. Can anyone please guide me on how to solve this problem? Thanks, Sajal ... View more
Labels

Re: The "ltrim" problem

by in Splunk Search
‎06-30-2022 05:46 AM
‎06-30-2022 05:46 AM
@ITWhisperer , many thanks for providing a quick solution. Apologies for my late reply. What I used to solve the problem was slightly different but definitely lengthy (in terms of functions, commands used). See below example for my solution: | makeresults | eval username="dev_vishal" | eval devFlag=if(match(username,".*dev_*."),1,0), tempName=split(username,"_") | eval newUsername = if(devFlag=1,mvindex(tempName,1),username) | table username newUsername Output: username = dev_vishal newUsername = vishal Problem is, now I'm receiving some logs where usernames are a bit different such as, USER_sajal, temp_sajal etc. So to handle that, I would use your suggestion above i.e the "rex" command. See below example: | eval username="dev_vishal" | rex field=username "\w+_(?<newUsername>.*)" In this way it would work for all kinds of usernames. Be it dev_vishal, USER_sajal or temp_sajal etc. Thanks, Sajal ... View more

The "ltrim" problem

by in Splunk Search
‎06-17-2022 10:55 PM
‎06-17-2022 10:55 PM
Hi Everyone, There's a small problem I'm having while using the ltrim function. Query: | makeresults | eval username="dev_vishal" | eval trimName=ltrim(username,"dev_") | table username trimName Output: username = dev_vishal trimName = ishal What I really want is to trim the "dev_" out of "dev_vishal". I noticed that this works well with any other username which does not start with a "v". For example: Query: | makeresults | eval username="dev_sajal" | eval trimName=ltrim(username,"dev_") | table username trimName Output: username = dev_sajal trimName = sajal Request the Splunk community to please help me with this. Thanks, Sajal ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-31-2022 12:15 AM
Karma given to
View All