Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About El_Franco
El_Franco
Explorer
Member since:
10-03-2023
05-09-2025
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 10-03-2023 |
Activity Feed
- Posted Re: Dynamic Hyperlinks between Pre-Production and Production on Dashboards & Visualizations. 06-10-2024 01:45 AM
- Posted Re: Dynamic Hyperlinks between Pre-Production and Production on Dashboards & Visualizations. 06-10-2024 12:09 AM
- Posted Dynamic Hyperlinks between Pre-Production and Production on Dashboards & Visualizations. 06-07-2024 07:21 AM
- Posted Re: Searching a block of text for multiple values from a list. on Splunk Search. 12-19-2023 08:04 AM
- Karma Re: Searching a block of text for multiple values from a list. for dtburrows3. 12-19-2023 08:04 AM
- Posted Re: Searching a block of text for multiple values from a list. on Splunk Search. 12-19-2023 08:02 AM
- Posted Searching a block of text for multiple values from a list. on Splunk Search. 12-19-2023 07:44 AM
- Posted How to return data based on search of one Source and lookup to a second on Splunk Search. 10-03-2023 07:51 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
06-10-2024
01:45 AM
I have added the following to a dashboard to try and set the variable when it loads: <init>
<condition match="$env:instance_type$ == cloud">
<set token="URL">Chips</set>
</condition>
<condition>
<set token="URL">Fish</set>
</condition>
</init> While the $env:instance_type$ works to bring back the details of the environment when I map it directly in an HTML block it does not seem to want to evaluate in the initiate tags... I do not really want to push this into the parameters on the dashboard as this will confuse users and end up with mistakes happening - is there anywhere else I can set this seamlessly as the dashboard loads?
... View more
06-10-2024
12:09 AM
Thanks - tokens look promising enough... i can check if it is Cloud and if so set the token to one value, if not as another.
... View more
06-07-2024
07:21 AM
We have a pre-production environment which is totally separate to our production environment. A number of our dashboards utilise hyperlinks back into source systems to view complete records, and part of the urls are different due to IP addresses on the two environemnts. What I would like to do is be able to set a global setting so that we can utilise the same dashboards without having to recode the link when we migrate from pre-produciton to production. I have tried to use a marco but as these are limited to search it did not effect the link target, is there any other way that we can do this without having to put in steps in migration to ammend the URLs? Thanks, Steven
... View more
Labels
- Labels:
-
Classic dashboard
12-19-2023
08:04 AM
Thanks - that is a lot more detailed than my solution and I like the intersection - that will be useful for me to help people know what was in there - we often have hundreds of keys returned and to see which ones were retuned is really useful. Thanks, Steven
... View more
12-19-2023
08:02 AM
And I have managed to solve it.. should have fetched a coffee before posting I guess. So just needed to add a |Search and IN after the |Split index="PreProduction" source="Transactions" | eval KeysSplit=split(Keys,", ") | search PKSSplit IN($ObjectRefs$) I can then |table my results. Hopefully this may be useful to someone else.
... View more
12-19-2023
07:44 AM
I have an index set up that holds a number of fields, one of which is a comma separated list of reference numbers and I need to be able to search within this field via a dashboard. This is fine for a single reference as we can just search within the field and on the parameter on the dashboard prefix/suffix with wildcards but for multiple values, which can be significant, I can not see a way of searching While I have looked at |split and In neither seem to provide what I need though that may be down to what I tried. Example data: Keys="272476, 272529, 274669, 714062, 714273, 845143, 851056, 853957, 855183" I need to be able to enter in any number of keys, in any order, and find any records that contain ANY of the keys - not all of them in a set order. So for the above it should return if I search for (853957) or (855183, 714062) or (272476, 714062, 855183) Is anyone able to point me towards a logical solution on this - it will be a key aspect of our use of SPLUNK to enable users to copy/paste a list of reference numbers and assess where these occur in our logs.
... View more
Labels
- Labels:
-
subsearch
10-03-2023
07:51 AM
Hopefully this will set the issue out clearly. I have two sources, Transaction and Request. The Transaction holds the transaction id, date and time and user details of a user transaction. The Request holds the request id, transaction id and an XML string with details of a users search. I have a query that searches the Request and returns those searches which contain specific strings. However i need to show the user details on the results table. index="PreProdIndex" source="Request"
"<stringCriterion fieldName=\"Product\" operator=\"equals\" value=\"Soup\"/>"
OR "<stringCriterion fieldName=\"Product\" operator=\"equals\" value=\"Biscuits\"/>"
| table REQUEST_DATE_TIME REQUEST So I need to add onto the table USER_DETAILS from the Source "Transaction" to the above query based on the common key of the Transaction ID. In SQL I would simply put in a join on Transaction.ID=Request.Transaction_ID and all would be good but I have failed to find anything that gives a SPLUNK solution yet.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-09-2025
09:49 AM
|
