Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About chenfan
chenfan
Explorer
Member since:
11-26-2022
2 weeks ago
Community Statistics
| Posts | 23 |
| Solutions | 0 |
| Karma Given | 5 |
| Karma Received | 0 |
| Member Since | 11-26-2022 |
Activity Feed
- Posted How to scale out a multisite cluster on Splunk Enterprise. 2 weeks ago
- Posted Re: Modify Map Colors In Dashboard Studio on Dashboards & Visualizations. 12-30-2025 10:09 PM
- Posted Re: Modify Map Colors In Dashboard Studio on Dashboards & Visualizations. 12-29-2025 09:56 PM
- Posted Modify Map Colors In Dashboard Studio on Dashboards & Visualizations. 12-29-2025 09:53 PM
- Posted Re: How to add a % symbol to the Y-axis of a Column Chart on Dashboards & Visualizations. 12-29-2025 01:07 AM
- Posted Re: How to add a % symbol to the Y-axis of a Column Chart on Dashboards & Visualizations. 12-29-2025 01:05 AM
- Karma Re: How to add a % symbol to the Y-axis of a Column Chart for livehybrid. 12-29-2025 01:05 AM
- Posted How to add a % symbol to the Y-axis of a Column Chart on Dashboards & Visualizations. 12-25-2025 10:32 PM
- Posted Re: Authorization Token Not Work on Splunk Enterprise. 07-01-2025 10:26 PM
- Posted Re: Authorization Token Not Work on Splunk Enterprise. 07-01-2025 10:25 PM
- Karma Re: Authorization Token Not Work for livehybrid. 07-01-2025 10:24 PM
- Posted Re: Authorization Token Not Work on Splunk Enterprise. 07-01-2025 02:06 AM
- Posted Authorization Token Not Work on Splunk Enterprise. 07-01-2025 12:15 AM
- Posted Re: Modify Dashboard Studio Field Value‘s Color on Dashboards & Visualizations. 05-13-2025 08:31 PM
- Posted Re: Modify Dashboard Studio Field Value‘s Color on Dashboards & Visualizations. 05-13-2025 09:37 AM
- Posted Modify Dashboard Studio Field Value‘s Color on Dashboards & Visualizations. 05-13-2025 09:36 AM
- Posted Re: Why to use syslog or tcp output? on Getting Data In. 05-13-2025 09:20 AM
- Posted Re: Why to use syslog or tcp output? on Getting Data In. 05-13-2025 09:14 AM
- Karma Re: Why to use syslog or tcp output? for gcusello. 05-13-2025 08:05 AM
- Posted Re: Using a second field to color a Single Value in Dashboard Studio on Dashboards & Visualizations. 05-08-2025 01:33 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
2 weeks ago
Hi Splunkers, I recently encountered a requirement to expand our existing multisite indexer cluster. We need to add new sites and deploy search heads in the new sites. These search heads must join the existing search head cluster, but each site’s search heads should only search data stored locally in their own site. Current Cluster Manager (Master) Configuration [general] site = site0 [clustering] available_sites = site5,site6,site7,site8 mode = master multisite = true pass4SymmKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX site_replication_factor = origin:1,site8:1,total:2 site_search_factor = origin:1,site8:1,total:2 rebalance_threshold = 0.9 cluster_label = eg_idxc maintenance_mode = false site_mappings = site1:site8,site2:site6,site3:site7,site4:site5 constrain_singlesite_buckets = false replication_factor = 2 Planned Changes We plan to add site9, site10, site11, and site12. Site12 must also store a copy of the data. The updated Cluster Manager configuration will be: [general] site = site0 [clustering] available_sites = site5,site6,site7,site8,site9,site10,site11,site12 mode = master multisite = true site_replication_factor = origin:1,site8:1,site12:1,total:3 site_search_factor = origin:1,site8:1,site12:1,total:3 rebalance_threshold = 0.9 cluster_label = eg_idxc maintenance_mode = false site_mappings = site1:site8,site2:site6,site3:site7,site4:site5 constrain_singlesite_buckets = false replication_factor = 3 Indexer Expansion (Example: site12) Add indexer peers to the multisite cluster: splunk edit cluster-config -mode peer -site site1 -manager_uri https://$CM_IP$:8089 -replication_port 9887 -secret $cluster_secret_password$ Search Head Expansion (New Site Search Heads) Initialize Search Head Cluster Config: splunk init shcluster-config -auth <username>:<password> -mgmt_uri <URI>:<management_port> -replication_port <replication_port> -replication_factor <n> -conf_deploy_fetch_url <URL>:<management_port> -secret <security_key> -shcluster_label <label> Join the Existing SHC and Bind to site12: splunk edit cluster-config -mode searchhead -site site12 -master_uri https://$CM_IP$:8089 -secret $cluster_secret_password$ -auth login:password If anyone has suggestions or sees potential issues with this approach—especially around site affinity behavior or search factor design—please let me know. Thanks in advance!
... View more
Labels
- Labels:
-
using Splunk Enterprise
12-30-2025
10:09 PM
Hi @tscroggins Thankyou for your reply! When my data only includes "normal" and "critical" statuses, the color assigned to "critical" is yellow——and that’s not what I want.
... View more
12-29-2025
09:56 PM
HI @livehybrid Can you give me some suggestion? Thankyou!
... View more
12-29-2025
09:53 PM
Hello Splunkers, I've been having issues with Dashboard Studio lately that have been bothering me. I'd really appreciate any advice. I want to assign different colors to data based on different field values—green for "normal", yellow for "warning", and red for "critical". I've tried the following configurations, but none of them have worked. { "type": "splunk.map", "options": { "center": [ 34.266, 108.945 ], "zoom": 2.3155822324586683, "layers": [ { "seriesColors": [ "#00FF00", "#FFFF00", "#FF0000", "bubbleSize": "> primary | frameBySeriesNames('normal','warning','critical')" } ] }, "dataSources": { "primary": "ds_PHhx1Fxi" }, "context": {}, "showProgressBar": false, "showLastUpdated": false }
... View more
Labels
- Labels:
-
Dashboard Studio
12-29-2025
01:07 AM
Thank you for your reply. I have also tried, but I couldn't achieve the desired effect.
... View more
12-29-2025
01:05 AM
Thank you for your reply. Since I'm using Dashboard Studio, the classic method may not be applicable.
... View more
12-25-2025
10:32 PM
Hi Splunkers How to configure Dashboard Studio to display a % symbol after the numbers on the Y-axis, for example, 15%. Thankyou for your Support!
... View more
07-01-2025
10:26 PM
Thank you for your advice, I ignored the token content and cloesd it.
... View more
07-01-2025
02:06 AM
Hi @livehybrid Thankyou for your reply! I have tried,but it not work. And this is my token
... View more
07-01-2025
12:15 AM
Hi Splunker, I tried to enable/disable with API, but I encountered problems with token authentication. I always get the following error. I have also adjusted the API information, but I still can't solve this problem. curl -v -X POST -k -H "Authorization: Bearer dc73xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "https://mysplunkserver:8089/servicesNS/nobody/my_app/saved/searches/testalertapi" -d enabled=0 It will be really great if you could share some working examples somewhere in your documentation. Thanks in advance!
... View more
05-13-2025
08:31 PM
Hi @bowesmana Can you help me to check it, thanks!
... View more
05-13-2025
09:37 AM
@isoutamo Can you help me to check it, thanks!
... View more
05-13-2025
09:36 AM
Hello Splunkers, I've been having problems with Dashboard Studio recently and it has been bothering me for a long time. It would be great if you could give me some suggestions. I want to assign different colors according to different field values. I have made the following configurations, but they haven't taken effect. { "type": "splunk.map", "options": { "center": [ 24.007647480837704, 107.43997967141127 ], "zoom": 2.3155822324586683, "showBaseLayer": true, "layers": [ { "type": "bubble", "latitude": "> primary | seriesByName('latitude')", "longitude": "> primary | seriesByName('longitude')", "bubbleSize": "> primary | frameWithoutSeriesNames('_geo_bounds_east', '_geo_bounds_west', '_geo_bounds_north', '_geo_bounds_south', 'latitude', 'longitude') | frameBySeriesTypes('number')", "dataColors": " > primary | seriesByName('status') | matchValue('colorMatchConfig')" } ] }, "dataSources": { "primary": "ds_PHhx1Fxi" }, "context": { "colorMatchConfig": [ { "match": "high", "value": "#FF0000" }, { "match": "low", "value": "#00FF00" }, { "match": "critical", "value": "#0000FF" } ] }, "containerOptions": {}, "showProgressBar": false, "showLastUpdated": false }
... View more
05-13-2025
09:20 AM
Hi @gcusello { "type": "splunk.map", "options": { "center": [ 24.007647480837704, 107.43997967141127 ], "zoom": 2.3155822324586683, "showBaseLayer": true, "layers": [ { "type": "bubble", "latitude": "> primary | seriesByName('latitude')", "longitude": "> primary | seriesByName('longitude')", "bubbleSize": "> primary | frameWithoutSeriesNames('_geo_bounds_east', '_geo_bounds_west', '_geo_bounds_north', '_geo_bounds_south', 'latitude', 'longitude') | frameBySeriesTypes('number')", "dataColors": " > primary | seriesByName('status') | matchValue('colorMatchConfig')" } ] }, "dataSources": { "primary": "ds_PHhx1Fxi" }, "context": { "colorMatchConfig": [ { "match": "high", "value": "#FF0000" }, { "match": "low", "value": "#00FF00" }, { "match": "critical", "value": "#0000FF" } ] }, "containerOptions": {}, "showProgressBar": false, "showLastUpdated": false }
... View more
05-13-2025
09:14 AM
Hi @gcusello Thankyou for your support, you are my hero! I've been having problems with Dashboard Studio recently and it has been bothering me for a long time. It would be great if you could give me some suggestions. I want to assign different colors according to different field values. I have made the following configurations, but they haven't taken effect. Can help me to check it.
... View more
05-08-2025
01:33 AM
Hi @livehybrid I've also faced a similar problem. I want to specify the color corresponding to the field value in the map view, but the modification I made doesn't take effect. Could you please help me check it? { "type": "splunk.map", "options": { "center": [ -3.337953961431438, 79.98046874997863 ], "zoom": 2, "showBaseLayer": true, "layers": [ { "type": "bubble", "latitude": "> primary | seriesByName('latitude')", "longitude": "> primary | seriesByName('longitude')", "bubbleSize": "> primary | frameWithoutSeriesNames('_geo_bounds_east', '_geo_bounds_west', '_geo_bounds_north', '_geo_bounds_south', 'latitude', 'longitude') | frameBySeriesTypes('number')", "dataColors": " > primary | seriesByName('status') | matchValue('colorMatchConfig')" } ] }, "dataSources": { "primary": "ds_PHhx1Fxi" }, "context": { "colorMatchConfig": [ { "match": "high", "value": "#FF0000" }, { "match": "low", "value": "#00FF00" }, { "match": "critical", "value": "#0000FF" } ] }, "containerOptions": {}, "showProgressBar": false, "showLastUpdated": false }
... View more
03-25-2025
11:46 PM
Hi @gcusello If I want to use Heavy Forwarder to forward received Syslog logs to a target server that does not have Splunk instance, can you give me some advice?Thankyou!
... View more
03-24-2025
11:43 PM
Hi, @gcusello Considering various factors, we have decided to directly deploy a new Splunk Enterprise 9.3.X instance. Can we directly deploy the License file to the new instance?
... View more
03-04-2025
11:42 PM
Hi @gcusello Thank you for your reply! Can I upgrade the platform from version 7.x.x to version 9.3.x and then uniformly upgrade the Apps/Add-ons to their latest versions? Will this have an impact on my system?
... View more
02-21-2025
12:32 AM
Hi @gcusello, Thankyou for your reply, it's very helpful for me. Can it be directly upgraded from 7.2.x to 9.2.x since it is a single node?
... View more
02-20-2025
11:26 PM
Hi @gcusello I am very confused, if we upgrade Splunk Enterprise from version 7.x.x to version 9.x.x, what impact will it have on the license? And will it affect the use of functions?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|
