Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About angadbagga
angadbagga
Explorer
Member since:
04-13-2017
09-29-2022
Community Statistics
| Posts | 20 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 04-13-2017 |
Activity Feed
- Posted Re: How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-29-2022 01:20 AM
- Karma Re: How to delete date category in line chart visualization? for bowesmana. 09-29-2022 01:20 AM
- Karma Re: How to delete date category in line chart visualization? for ITWhisperer. 09-29-2022 01:19 AM
- Posted Re: How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-28-2022 12:30 PM
- Posted Re: How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-28-2022 05:07 AM
- Posted Re: How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-28-2022 05:05 AM
- Tagged Re: How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-28-2022 05:05 AM
- Posted Re: How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-27-2022 07:46 PM
- Posted Re: How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-27-2022 12:08 PM
- Posted Re: How to delete date category in Line chart visualization on Dashboards & Visualizations. 09-27-2022 12:03 PM
- Posted How to delete date category in line chart visualization? on Dashboards & Visualizations. 09-26-2022 11:07 PM
- Posted Re: Multiple time ranges in a single report/View? on Splunk Search. 09-26-2022 12:23 PM
- Posted Re: Multiple time ranges in a single report/View? on Splunk Search. 09-26-2022 11:32 AM
- Posted Re: Multiple time ranges in a single report/View? on Splunk Search. 09-26-2022 11:24 AM
- Posted Re: Multiple time ranges in a single report/View? on Splunk Search. 09-26-2022 11:19 AM
- Posted Re: Multiple time ranges in a single report/View? on Splunk Search. 09-26-2022 11:06 AM
- Posted How to achieve multiple time ranges in a single report/view? on Splunk Search. 09-26-2022 07:55 AM
- Posted Re: Splunk Left join not working on Splunk Dev. 08-22-2020 08:39 PM
- Posted Re: Splunk Left join not working on Splunk Dev. 08-03-2020 05:49 PM
- Posted Re: Splunk Left join not working on Splunk Dev. 08-03-2020 04:16 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
09-29-2022
01:20 AM
Thanks
... View more
09-28-2022
12:30 PM
Here is some of it. <dashboard> <label>Test123</label> <description>Testing date</description> <row> <panel> <title>test</title> <html depends="$alwaysHideCSSStyle$"> <style> .highcharts-tooltip{ visibility:hidden !important; } </style> </html> <chart> <search> <query> index= ****And so on
... View more
09-28-2022
05:07 AM
Thanks - This looks promising. Can you pl. check the query i gave initially as the results of this with the query i sent are not matching (with index and sourcetype etc). Can you pl. help with complete query. Cheers!
... View more
09-28-2022
05:05 AM
Yeah, even am surprised. I added this in XML but didn't work. I don't have any chart name - Not sure if it should be myTimechart <html>
<style>
#myTimeChart svg g.highcharts-axis-labels.highcharts-xaxis-labels text:nth-child(1) tspan:nth-child(2), #myTimeChart svg g.highcharts-axis-labels.highcharts-xaxis-labels text:nth-child(1) tspan:nth-child(3){
visibility: hidden !important;
}
</style>
</html>
... View more
- Tags:
- xml
09-27-2022
07:46 PM
I know it will remove the date (day) but then you won't be able to visualize anything. So after removing date I can't see line or bar chart. Hence this is not useful. 🙂
... View more
09-27-2022
12:08 PM
@ITWhisperer @gcusello - My query is fine. It gives me correct data. I get stats of today (28th Sept), last week same day (21 sept) , 2 weeks back Wed (14th Sept), 3 weeks back Wed (7th Sept). But in the visualization as @FelixLeh mentioned i was not able to remove that date field even after so much research since some days. Any XML hack can help me with it??
... View more
09-27-2022
12:03 PM
Thanks - Yes - That's exactly what I want - I don't have any issue with the query (I know timewrap very well. ) In the line chart(Visualization) how can i remove that date through XML.
... View more
09-26-2022
11:07 PM
I am using the query as below and visualizing it in a line chart.
There is date field coming on the line chart and I want to remove it through XML without removing time field? Can someone guide me . (I was able to remove it in query using field format command but it was not super helpful as I was not able to see visualization.) Also, I was able to remove the hover through this article - Solved: How to disable mouse hover on bar chart in XML - Splunk Community But not the date. This one is very close to what I want to do, but didn't solve my case on the line chart. Solved: How to delete the date category on a visualization... - Splunk Community Query for reference
index=xyz sourctype=abc earliest = -60m@m latest = @m
|eval ReportKey="Today"
|append
[search index=index=xyz sourctype=abc earliest = -60m@m-1w latest = @m-1w
|eval ReportKey="LastWeek" | eval _time=relative_time(_time, "+1w")]
|append
[search index=index=xyz sourctype=abc earliest = -60m@m-2w latest = @m-2w
|eval ReportKey="TwoWeeksBefore" | eval _time=relative_time(_time, "+2w")]
|append [search index=index=xyz sourctype=abc earliest = -60m@m-3w latest = @m-3w
|eval ReportKey="ThreeWeeksBefore" | eval _time=relative_time(_time, "+3w")]
|timechart span = 1m count(index) as Volume by Reportkey
... View more
Labels
- Labels:
-
CSS
-
panel
-
simple XML
-
timechart
09-26-2022
12:23 PM
Can i remove the date part from XML in visualization. (I want to have visualization as well as don't want to see the date while i hover on it) I want to see the value while I hover but not the date
... View more
09-26-2022
11:32 AM
@richgalloway : What should be the next step to see visualization. As with only hrs, min and sec there is no graph/chart possible
... View more
09-26-2022
11:24 AM
As we have strategically removed the day - Any visualization with _time is x axis is no longer showing
... View more
09-26-2022
11:19 AM
THough i see the statistics with only hrs:min:sec in _time and 04 columns(Lastweek, threeWeeksbefore, Today and Twoweekbefore) but I can't see Line chart as visualization now. 😞 I wanted a line chart with _time in x axis and rest all in y axis
... View more
09-26-2022
11:06 AM
This is still giving the same _time with today's date and time in stats. 🙂
... View more
09-26-2022
07:55 AM
Here is my query. In final line chart when I hover, I am not getting different dates. Rather only 26th Sept (Today's date). (I want to have today, last week same day, 2 weeks back same day & 3 week back same day in the same visualization)
index=xyz sourctype=abc earliest = -60m@m latest = @m
|eval ReportKey="Today"
|append
[search index=index=xyz sourctype=abc earliest = -60m@m-1w latest = @m-1w
|eval ReportKey="LastWeek" | eval _time=_time+60*60*24*7]
|append
[search index=index=xyz sourctype=abc earliest = -60m@m-2w latest = @m-2w
|eval ReportKey="TwoWeeksBefore" | eval _time=_time+60*60*24*14]
|append [search index=index=xyz sourctype=abc earliest = -60m@m-3w latest = @m-3w
|eval ReportKey="ThreeWeeksBefore" | eval _time=_time+60*60*24*21]
|timechart span = 1m count(index) as Volume by Reportkey
... View more
08-03-2020
05:49 PM
Hi Yes, i tried to state the field i wanted to join. I am writing this query with dummy fields. In short there are two source types and i want CompletionTime_Dep and CompletionTime_CD in the final table index=abc sourcetype="xyz" "efp" source="hello1" OR source="hello2*" OR source="hello3*" | rex field=source (?<Tweet>"\b\w{2}\b") | eval Steel = case(Tweet == "EV", "Steel1", Tweet == "SV", "Steel2") | table Tweet Steel _time | rename _time as CompletionTime_Dep | convert ctime(CompletionTime_Dep) | join Steel type=left [ search sourcetype="ufh" "stn" source="hello1" OR source="hello2*" OR source="hello3*" rex field=source (?<Tweet>"\b\w{2}\b") | eval Steel = case(Tweet == "EV", "Steel1", Tweet == "SV", "Steel2") | table Tweet Steel _time | rename _time as CompletionTime_CD | convert ctime(CompletionTime_CD)]
... View more
08-03-2020
04:16 PM
I want different _time values for both the source types "logsA" and "logsB" in the tabe
... View more
08-03-2020
04:06 PM
HI I have a query like below. Can i use something else than join index=hello sourcetype="logs A" source="C:\\football\ab*" OR source="C:\\Tennis\cd*" OR source="C:\\Cricket\eb*" | rex (something) |eval (something) | join type=left [search sourcetype = "logs B" source="C:\\football\ab*" OR source="C:\\Tennis\cd*" OR source="C:\\Cricket\eb*" |rex (something) |eval (somthing)] table
... View more
Labels
- Labels:
-
app
12-27-2017
06:59 PM
My query is something like this,
index=anything sourcetype=something OWNER_GROUP="Hello_world" OR OWNER_GROUP="Hello_mars" CASE_TYPE=1|eval Start=(strptime(SUBMIT_DATE,"%F%T")+3600)|where Start>relative_time(now(),"--7d")|dedup CASE_ID|eval Priority="P"+tostring(PRIORITY+1)|search STATUS=1 OR STATUS=2 OR STATUS=3|stats count as Total"
In verbose mode am getting 1120 count where as in fast mode am getting 883. In saved dashboard am getting 883 as count.
... View more
04-13-2017
11:29 AM
If I have two data centers, one in Germany and other in New Zealand, and I have created different dashboards for them. I want to link them to a map so that when I click on the country, that country's dashboards open. How can I do it? Can anyone help?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-29-2022
02:09 PM
|
