×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Maximussss
Explorer
Member since: ‎11-02-2023
‎11-02-2023
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎11-02-2023
Activity Feed
View All

Re: Splunk dashboard drop-down menu has spaces in ...

by in Dashboards & Visualizations
‎11-02-2023 12:12 PM
‎11-02-2023 12:12 PM
@ITWhisperer Want to say THANK YOU again! Just tried to wrap it and everything worked. It took me a while to understand that I need to wrap it not in the main query but in my additional part when I'm trying to pass the token to other components. ... View more

Re: Splunk dashboard drop-down menu has spaces in ...

by in Dashboards & Visualizations
‎11-02-2023 08:48 AM
‎11-02-2023 08:48 AM
This name already comes from OKTA logs with dot, unfortunately I wont be able to change it. Need to work with what I have. Thank you for help! A appreciate it! ... View more

Re: Splunk dashboard drop-down menu has spaces in ...

by in Dashboards & Visualizations
‎11-02-2023 08:10 AM
‎11-02-2023 08:10 AM
Thank you for your advice, in this case if my token name is for example "actor.displayName" in this case in the main query in need to wrap it like this? :  $"actor.displayName"|s$ Sorry for asking probably very basic question... ... View more

Splunk dashboard drop-down menu has spaces in the ...

by in Dashboards & Visualizations
‎11-02-2023 06:43 AM
‎11-02-2023 06:43 AM
I'm trying to create own Splunk (dashboard) queries for Okta data analysis. I'm having issues because a specific field has a space in the value and it's causing the dashboard to not be able to retrieve data (when I know there is data). 3 other drop-down menus work fine (there is no spaces in the values there). My main suspicion that the reason of failure is because of that spaces.  I'm trying to transform the values and remove spaces, in the hope that would help.  I Found some recommendations online and examples of functions, but I'm not very experienced with Splunk, can anyone explain step by step how I could solve that issue? If the name of my field with issues is "actor.displayName"  (it has multiple spaces in the values). Examples found online: 1) | rex mode=sed field=A "s/ //g" 2) | eval nospace=trim(A) 3)| rex field=field1 "(?<newfield>\S+)" 4)|eval NewField=trim(OldField) Has anyone encountered this issue before? Thanks for help! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-02-2023 04:08 PM
Karma given to
View All