Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About emilep
emilep
Explorer
Member since:
12-09-2022
06-21-2024
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 12-09-2022 |
Activity Feed
- Got Karma for Dashboard studio - choropleth map static - legend. 06-17-2025 04:39 PM
- Posted Dashboard studio - choropleth map static - legend on Splunk Enterprise. 04-22-2024 02:53 AM
- Tagged Dashboard studio - choropleth map static - legend on Splunk Enterprise. 04-22-2024 02:53 AM
- Posted Re: Drill Down and conditional queries on Splunk Search. 02-26-2024 04:48 AM
- Posted Drill Down and conditional queries on Splunk Search. 02-25-2024 09:21 AM
- Posted Re: Transpose question on Knowledge Management. 10-09-2023 04:53 AM
- Posted Re: Transpose question on Knowledge Management. 10-09-2023 02:16 AM
- Posted Transpose question on Knowledge Management. 10-09-2023 01:32 AM
- Tagged Transpose question on Knowledge Management. 10-09-2023 01:32 AM
- Tagged Transpose question on Knowledge Management. 10-09-2023 01:32 AM
- Posted Re: Subquery - modify format with multiple conditions on Splunk Search. 05-01-2023 11:21 PM
- Posted Subquery - How can I modify format with multiple conditions? on Splunk Search. 04-29-2023 02:56 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 0 | |||
| 0 | |||
| 0 |
04-22-2024
02:53 AM
1 Karma
Hello, It seems that in the dashboard studio the static choropleth map has no legend. Here is the spl:
index=xxxxxxxx sourcetype=yyyyyy mailgate* src=*
| iplocation src
| stats count by Country
| geom geo_countries allFeatures=True featureIdField=Country
If I put this map in a classic dashboard I get the map with the legend but in the dashboard studio no legend is showed. Is it a way to show this legend in the dashboard studio? Regards, Emile
... View more
- Tags:
- Dashboard Studio
Labels
- Labels:
-
using Splunk Enterprise
02-25-2024
09:21 AM
In a drilldown, I have 2 possible queries and they look like: qry1=index=fed:xxx_yyyy sourcetype="aaaaa:bbbbb:cccc" source_domain="$token_source_domain$" AND ( mid="$token_mid$" OR "MID $token_mid$") qry2=index=fed:xxx_yyyy sourcetype="aaaaa:bbbbb:cccc" source_domain="$token_source_domain$" AND (icid="$token_icid$" OR mid="$token_mid$" OR "MID $token_mid$") if "$token_icid$==0 execute qry1 else execute qry2 How it can be achieve ? Chatgtp give this answer but not working index=fed:xxx_yyyy sourcetype="aaaaa:bbbbb:cccc" source_domain="$token_source_domain$" AND ( (($token_icid$=="0") AND (mid="$token_mid$")) OR (($token_icid$!="0") AND (icid="$token_icid$")) OR mid="$token_mid$" OR "MID $token_mid$" )
... View more
Labels
- Labels:
-
table
10-09-2023
04:53 AM
Hi @ITWhisperer , Here it seems that transpose was not the good approach. Your solution is working as expected. Many thanks, Emile
... View more
10-09-2023
02:16 AM
The result without the transpose looks like: reputation rep_perc spam spam_perc virus virus_perc 740284221 82.46 9695175 1.08 700 0.000078 I would like to include this table in a glass table, but as it is formatted here it taking to much place.
... View more
10-09-2023
01:32 AM
Hi,
I have a query like:
index=federated:ccs_rmail sourcetype="rmail:KIC:reports"
| dedup _time
| timechart span=1mon sum(cisco_*) as cisco_*
| addtotals
| eval rep_perc = round(cisco_stoppedbyreputation/Total*100,2),
spam_perc =round(cisco_spam/Total*100,2),
virus_perc=round(cisco_virus/Total*100,6)
| table cisco_stoppedbyreputation,rep_perc,cisco_spam,spam_perc,cisco_virus,virus_perc
| rename cisco_spam as spam, cisco_virus as virus,cisco_stoppedbyreputation as reputation
| transpose
The result look like:
column
row 1
reputation
740284221
rep_perc
82.46
spam
9695175
spam_perc
1.08
virus
700
virus_perc
0.000078
Is it possible to have something like this?
Name
#
%
reputation
740284221
82.46
spam
9695175
1.08
virus
700
0.000078
Thanks, Emile
... View more
05-01-2023
11:21 PM
As it exist some priority between AND and OR, it is right that the supplementary parentheses have no sense. To solve my problem i used the command replace like this: ...|format|eval search = replace(search, "AND mid=", "OR mid=") It is not perfect but it is working for now ... Thanks for your help.
... View more
04-29-2023
02:56 AM
Hello, The default format of my subsearch result looks like:
(( Host_Name="srv1" AND icid="va1_icid1" AND mid="val_mid1" ) OR ( Host_Name="srv2" AND icid="va1_icid2" AND mid="val_mid2" ))
I would like to modify subsearch format result like:
(( Host_Name="srv1" AND ( icid="va1_icid1" OR mid="val_mid1" )) OR ( Host_Name="srv2" AND ( icid="va1_icid2" OR mid="val_mid2" )))
Do you think it is possible?
Regards, Emile
... View more
