Activity Feed
- Posted Splunk UI Toolkit on Splunk Cloud on Splunk Cloud Platform. 02-04-2025 01:23 AM
- Karma Re: Editing the style of the Saved Episode Reviews for marnall. 09-30-2024 08:45 AM
- Posted Re: Editing the style of the Saved Episode Reviews on Splunk ITSI. 09-30-2024 08:44 AM
- Posted Editing the style of the Saved Episode Reviews on Splunk ITSI. 09-27-2024 03:43 AM
- Posted Re: Customize the Episode Review dashboard using a JSON-formatted dashboard definition on Splunk ITSI. 09-27-2024 03:04 AM
- Posted Re: Customize the Episode Review dashboard using a JSON-formatted dashboard definition on Splunk ITSI. 09-26-2024 08:00 AM
- Posted Re: Customize the Episode Review dashboard using a JSON-formatted dashboard definition on Splunk ITSI. 09-26-2024 06:47 AM
- Karma Re: Customize the Episode Review dashboard using a JSON-formatted dashboard definition for ITWhisperer. 09-26-2024 06:47 AM
- Posted Customize the Episode Review dashboard using a JSON-formatted dashboard definition on Splunk ITSI. 09-26-2024 03:11 AM
Topics I've Started
02-04-2025 01:23 AM
Hello, Splunkers! A couple of days ago I was trying to test the Splunk UI Toolkit, but I couldn't connect to Splunk Cloud. I also couldn't find any documentation related to Cloud, so do you know how to make it work? I'll really appreciate your help and reply 😀
Maximiliano Lopes
Labels
- development
- using Splunk Cloud
09-30-2024 08:44 AM
Unfortunately, I can't recreate it outside the ITSI App because the problem is inside the ITSI event management. The source code doesn't have anything about the table that I talked about, btw. But thank you for trying to help 🤝🙂
Maximiliano Lopes
09-27-2024 03:43 AM
Hello, Friends! So, I tried to change the height of the gap between these components: But in the Edit Dashboard I didn't find anything to change this: Thank you, guys 🙂
Labels
- configuration
- using ITSI
09-27-2024 03:04 AM
So, I didn't find how to use a base search, and then I just decided to proceed with a simple query as well in the Search Page. P.S. The stuff between ` are macros; you can check here: https://itsi-*.splunkcloud.com/en-GB/manager/itsi/data/macros . They're interesting things, but not helpful for me right now. Thank you, friend!
Maximiliano Lopes
09-26-2024 08:00 AM
This is the problem, I don't know how this works... but I want to use the data that appears in the table at the bottom:
09-26-2024 06:47 AM
Hello, @ITWhisperer! Yes, actually I'm editing the dashboard on https://itsi-*.splunkcloud.com/en-US/app/itsi/itsi_event_management? , and this is the view: I'm looking for a way to make a simple query in the results, like this code snippet:

    "dsQueryCounterSearch1": {
      "options": {
        "query": "| where AlertSource = AWS and AlertSeverity IN (6,5,4,3,1) | dedup Identifier | stats count as AWS",
        "queryParameters": {
          "earliest": "$earliest_time$",
          "latest": "$latest_time$"
        }
      },
      "type": "ds.search"
    },

but it doesn't return anything. Any idea how to refer to the base search like the default queries? P.S.: This data:
09-26-2024 03:11 AM
Hello, guys! I'm trying to use the episodes table as the base search in the Edit Dashboard view, as well in the Dashboard Classic using the source, but here we already have the results in the table. I'll attach my code snippet below:

    {
      "dataSources": {
        "dsQueryCounterSearch1": {
          "options": {
            "query": "| where AlertSource = AWS and AlertSeverity IN (6,5,4,3,1) | dedup Identifier | stats count as AWS",
            "queryParameters": {
              "earliest": "$earliest_time$",
              "latest": "$latest_time$"
            }
          },
          "type": "ds.search"
        },
        "mttrSearch": {
          "options": {
            "query": "| `itsi_event_management_get_mean_time(resolved)`",
            "queryParameters": {
              "earliest": "$earliest_time$",
              "latest": "$latest_time$"
            }
          },
          "type": "ds.search"
        },
        "episodesBySeveritySearch": {
          "options": {
            "query": "|`itsi_event_management_episode_by_severity`",
            "queryParameters": {
              "earliest": "$earliest_time$",
              "latest": "$latest_time$"
            }
          },
          "type": "ds.search"
        },
        "noiseReductionSearch": {
          "options": {
            "query": "| `itsi_event_management_noise_reduction`",
            "queryParameters": {
              "earliest": "$earliest_time$",
              "latest": "$latest_time$"
            }
          },
          "type": "ds.search"
        },
        "percentAckSearch": {
          "options": {
            "query": "| `itsi_event_management_get_episode_count(acknowledged)` | eval acknowledgedPercent=(Acknowledged/total)*100 | table acknowledgedPercent",
            "queryParameters": {
              "earliest": "$earliest_time$",
              "latest": "$latest_time$"
            }
          },
          "type": "ds.search"
        },
        "mttaSearch": {
          "options": {
            "query": "| `itsi_event_management_get_mean_time(acknowledged)`",
            "queryParameters": {
              "earliest": "$earliest_time$",
              "latest": "$latest_time$"
            }
          },
          "type": "ds.search"
        }
      },
      "visualizations": {
        "vizQueryCounterSearch1": {
          "title": "Query Counter 1",
          "type": "splunk.singlevalue",
          "options": {
            "backgroundColor": "#ffffff",
            "sparklineDisplay": "off",
            "trendDisplay": "off",
            "trendValue": 0
          },
          "dataSources": {
            "primary": "dsQueryCounterSearch1"
          }
        },
        "episodesBySeverity": {
          "title": "Episodes by Severity",
          "type": "splunk.bar",
          "options": {
            "backgroundColor": "#ffffff",
            "barSpacing": 5,
            "dataValuesDisplay": "all",
            "legendDisplay": "off",
            "showYMajorGridLines": false,
            "yAxisLabelVisibility": "hide",
            "xAxisMajorTickVisibility": "hide",
            "yAxisMajorTickVisibility": "hide",
            "xAxisTitleVisibility": "hide",
            "yAxisTitleVisibility": "hide"
          },
          "dataSources": {
            "primary": "episodesBySeveritySearch"
          }
        },
        "noiseReduction": {
          "title": "Total Noise Reduction",
          "type": "splunk.singlevalue",
          "options": {
            "backgroundColor": "> majorValue | rangeValue(backgroundColorThresholds)",
            "numberPrecision": 2,
            "sparklineDisplay": "off",
            "trendDisplay": "off",
            "trendValue": 0,
            "unit": "%"
          },
          "context": {
            "backgroundColorThresholds": [
              {
                "from": 95,
                "value": "#65a637"
              },
              {
                "from": 90,
                "to": 95,
                "value": "#6db7c6"
              },
              {
                "from": 87,
                "to": 90,
                "value": "#f7bc38"
              },
              {
                "from": 85,
                "to": 87,
                "value": "#f58f39"
              },
              {
                "to": 85,
                "value": "#d93f3c"
              }
            ]
          },
          "dataSources": {
            "primary": "noiseReductionSearch"
          }
        },
        "percentAck": {
          "title": "Episodes Acknowledged",
          "type": "splunk.singlevalue",
          "options": {
            "backgroundColor": "#ffffff",
            "numberPrecision": 2,
            "sparklineDisplay": "off",
            "trendDisplay": "off",
            "trendValue": 0,
            "unit": "%"
          },
          "dataSources": {
            "primary": "percentAckSearch"
          }
        },
        "mtta": {
          "title": "Mean Time to Acknowledged",
          "type": "splunk.singlevalue",
          "options": {
            "backgroundColor": "#ffffff",
            "sparklineDisplay": "off",
            "trendDisplay": "off",
            "trendValue": 0,
            "unit": "minutes"
          },
          "dataSources": {
            "primary": "mttaSearch"
          }
        }
      },
      "layout": {
        "type": "grid",
        "options": {
          "display": "auto-scale",
          "height": 240,
          "width": 1440
        },
        "structure": [
          {
            "item": "vizQueryCounterSearch1",
            "type": "block",
            "position": {
              "x": 0,
              "y": 80,
              "w": 288,
              "h": 220
            }
          },
          {
            "item": "episodesBySeverity",
            "type": "block",
            "position": {
              "x": 288,
              "y": 80,
              "w": 288,
              "h": 220
            }
          },
          {
            "item": "noiseReduction",
            "type": "block",
            "position": {
              "x": 576,
              "y": 80,
              "w": 288,
              "h": 220
            }
          },
          {
            "item": "percentAck",
            "type": "block",
            "position": {
              "x": 864,
              "y": 80,
              "w": 288,
              "h": 220
            }
          },
          {
            "item": "mtta",
            "type": "block",
            "position": {
              "x": 1152,
              "y": 80,
              "w": 288,
              "h": 220
            }
          }
        ]
      }
    }

I really appreciate your help, have a great day 🙂
Labels
- configuration
- using ITSI