I have a file that's updated every 5 minutes, it's populated my capturing a value in a URL using python code. (the value is "OK" or "bad"). I want to use the new file (that created every 5 minutes) in a splunk classic dashboard. I'm using the splunk cloud enterprise, and I'm not sure how to go about automating this process.  Is there a way to update/replace a file in the lookup table files? Or some other way I can go about adding in the new file after every refresh to the dashboard?   ... View more

I am working in Classic dashboard. I have a gateway address (URL: abc23.com ) I want to check this value after every dashboard refresh. Either display the results of the URL and/or single value visual with green and red colors. Green is for when the URL status is set to "OK", else is "Red".  Any ideas on how I can accomplish this task?   I created a python scrip that extracts the value into a log and then the dashboard checks the log but this doesn't seem like the best approach and not really what I want.  ... View more

I'm not exactly sure what I need here.  I have a multiselect:       <input type="multiselect" token="t_resource"> <label>Resource</label> <choice value="*">All</choice> <prefix>IN(</prefix> <suffix>)</suffix> <delimiter>,</delimiter> <fieldForLabel>resource</fieldForLabel> <fieldForValue>resource</fieldForValue> <search base="base_search"> <query>| dedup resource | table resource</query>       Table visual search:     | search status_code $t_code$ resource $t_resource$ HourBucket = $t_hour$ | bin _time span=1h | stats count(status_code) as StatusCodeCount by _time, status_code, resource | eventstats sum(StatusCodeCount) as TotalCount by _time, resource | eval PercentageTotalCount = round((StatusCodeCount / TotalCount) * 100, 2) | eval 200Flag = case( status_code=200 AND PercentageTotalCount < 89, "Red", status_code=200 AND PercentageTotalCount < 94, "Yellow", status_code=200 AND PercentageTotalCount <= 100, "Green", 1=1, null) | eval HourBucket = strftime(_time, "%H") | table _time, HourBucket, resource, status_code, StatusCodeCount, PercentageTotalCount, 200Flag     I also have a table, sample data below: _time resource 1/10/2024 Red 1/10/2024 Green   When the user select the multiselect dropdown and selects "ALL" (which is the default) the resource column should aggregate all the resource and display the resource as "All". But If the user select individual resources, such as "Red" and "Green" these should be shown and broken down by resource.    ... View more

Hello, can someone provide feedback on how I can change the color of my panel to transparent? Below is my code snippet. I'm not great with CSS or XML. I was using dashboard studio which was straight forward on how to change but I'm back with classic for now.  <panel> <single> <title>Total First Time</title> <search base="base_search"> <query>|search Cur= $t_cur$ | bin _time span=$t_bin$ | stats sum(FirstTime) as sumFirstTime by Category</query> </search> <option name="drilldown">none</option> <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="refresh.display">progressbar</option> </single> </panel>   ... View more

I have the below search and I'm trying to search for different time periods within each search.  So for example msg="*Completed *" is using the timepicker input.  I would like to search for data one hour before the timepicker search (so this should be dynamic) for msg="*First *" I'm not sure if this is possible. I'm comparing these two searches and the initial log msg="*First*" can occur several minutes before the msg=*Completed*" log. So when I compare some of these log messages get cut off depending on when I select my timepicker. I would like to search for these message 1 hour before my timepicker selection.  Long term this search will go into a splunk dashboard.    (index=color name IN ("green","blue") msg="*First *" ```earliest="11/09/2023:09:00:00" latest="11/09/2023:12:59:59"```) OR (index=color name IN ("blue2","green2") msg="*Completed *")     ... View more

I have a multiselect that does not interact with my Trellis chart. I would say; it's not defined in my base search but not sure how to identify the issue and how to fix? BASE Search: | eval Pat=spath(json, "Info.Pat.Time") | eval Con=spath(json, "Info.Con.Time") | eval Cov=spath(json, "Info.Cov.Time") | eval Category = RED | table _time, Pat, Con, Cov, Category  Mulit-Select: | eval SysTime = Category + ":" + _time | fields - Category | untable SysTime Reason CurationValue | eval Category = mvindex(split(SysTime, ":"), 0) | eval _time = mvindex(split(SysTime, ":"), 1) | fields - SysTime | table Reason | dedup Reason Chart: | search Category $t_category$ Reason $t_reason$ | timechart span=1h avg(Pat) as Pat, avg(Con) as Con, avg(Cov) as Cov   ... View more