Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About replicamask
replicamask
Explorer
Member since:
09-20-2017
06-24-2020
Community Statistics
| Posts | 11 |
| Solutions | 2 |
| Karma Given | 12 |
| Karma Received | 2 |
| Member Since | 09-20-2017 |
Activity Feed
- Karma Re: Can you help me with some problems with matching rex? for renjith_nair. 06-05-2020 12:50 AM
- Karma Re: Can you help me with some problems with matching rex? for renjith_nair. 06-05-2020 12:50 AM
- Karma Re: How do I modify ID results in a table to display a URL or filepath? for maciep. 06-05-2020 12:50 AM
- Karma Re: How do I modify ID results in a table to display a URL or filepath? for maciep. 06-05-2020 12:50 AM
- Karma Re: Simple XML Dashboard Layout Issues for mohammedk01. 06-05-2020 12:50 AM
- Karma Re: Simple XML Dashboard Layout Issues for jacobpevans. 06-05-2020 12:50 AM
- Got Karma for Re: Simple XML Dashboard Layout Issues. 06-05-2020 12:50 AM
- Got Karma for Re: Simple XML Dashboard Layout Issues. 06-05-2020 12:50 AM
- Karma Understanding the LOOKUP command for mahbs. 06-05-2020 12:49 AM
- Karma Re: Understanding the LOOKUP command for elliotproebstel. 06-05-2020 12:49 AM
- Karma Re: Is it possible to set the sampleRatio for a search using a drop-down token with XML? for maciep. 06-05-2020 12:48 AM
- Karma How to generate a search that displays column totals per day for each email address? for rholm01. 06-05-2020 12:48 AM
- Karma Re: How to generate a search that displays column totals per day for each email address? for sundareshr. 06-05-2020 12:48 AM
- Karma Re: eval & coalesce for Ayn. 06-05-2020 12:46 AM
- Posted Re: Import contents from an XML file to a dashboard panel on Dashboards & Visualizations. 01-28-2020 11:40 AM
- Posted Import contents from an XML file to a dashboard panel on Dashboards & Visualizations. 01-24-2020 09:36 AM
- Tagged Import contents from an XML file to a dashboard panel on Dashboards & Visualizations. 01-24-2020 09:36 AM
- Tagged Import contents from an XML file to a dashboard panel on Dashboards & Visualizations. 01-24-2020 09:36 AM
- Posted Re: Simple XML Dashboard Layout Issues on Dashboards & Visualizations. 09-06-2019 07:22 AM
- Posted Re: Simple XML Dashboard Layout Issues on Dashboards & Visualizations. 09-06-2019 07:17 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-28-2020
11:40 AM
Thanks for the reply @efavreau! I will definitely be checking this out for future developments as my app moves further!
In the meantime I actually discovered a pretty straightforward solution to my original issue. Utilising the prebuilt panel option.
I was able to add it to my app in the following directory:
/splunk/etc/apps/APP_NAME/local/data/ui/panels/links.xml
Then in my dashboard I was able to call it with the following line ( id=links is optional if you are not using CSS):
<panel id="links" ref="links" app="APP_NAME"></panel>
Doing it this way means when I add a new link to the main list all the dashboards will show the change without me having to go and update 20+ different pages just because I added a new dashboard and it needs linking from the others.
I hope this helps someone else out who is looking to achieve the following!
... View more
01-24-2020
09:36 AM
So I have been looking around and not really finding anything and it's a bit of a long shot.
Currently working on a custom app which is essentially a collection of dashboards for common searches. Each team will have a homepage in the app where the searches (dashboards) will all be listed in a nav type list.
This same list will be populated on the top of each dash for ease of use so people don't have to return to the home page to change what they want to search.
The issue we are facing is trying to keep all these up to date if new dashboards are added over time. Updating each page to have the new nav list is a tedious and prone to error approach and something I would like to avoid.
I've been trying to see if there is a way to have a master nav/links list somewhere where new items can be add. And then in the dashboards and homepages have that reference the file to populate the links list.
We are also looking to keep the dashboards in XML and not convert to HTML if at all possible.
If anyone has any help or advice that would be great! TIA!
... View more
- Tags:
- splunk-enterprise
- xml
09-06-2019
07:22 AM
1 Karma
For anyone else facing a similar task, I think the most straightforward solution is to use a HTML table and try and make it look nice with inline CSS or attach a CSS file to the dashboard, going to leave the rough shell for the layout I asked about in case it helps others.
<dashboard>
<label>Layout Testing</label>
<row id="links_row">
<panel id="css_hidden" depends="$alwaysHideCSS$">
<title>testing</title>
<html>
<style>
#css_hidden{
width:0% !important;
}
#t1{
width:20% !important;
}
#t2{
width:50% !important;
}
#t3{
width:30% !important;
}
</style>
</html>
</panel>
<panel id="home_table">
<html>
<table id="t0">
<tbody>
<tr>
<td id="t1" rowspan="2">
<ul>
<li>Table 1</li>
</ul>
</td>
<td id="t2">
<ul>
<li>Table 2</li>
</ul>
</td>
<td id="t3">
<ul>
<li>Table 3</li>
</ul>
</td>
</tr>
<tr>
<td id="t4" colspan="2">
<ul>
<li>Table 4</li>
</ul>
</td>
</tr>
</tbody>
</table>
</html>
</panel>
</row>
</dashboard>
... View more
09-06-2019
07:17 AM
1 Karma
ya and it was the crossing <row> boundary that was catching me.
It would have to remain in the XML as there will likely be needs for changes down the line as parts of it evolve and change.
Another idea I had was to just try and do it with a hmtl table and inline css so here's hoping that will work out for it.
Thanks for the reply!
... View more
09-04-2019
01:48 PM
I'm searching to see if it's possible to have a dashboard with a layout like this using the XML in Splunk:
The idea being panel (cell) 1 would contain a list of links and 2, 3, and 4 would be populated with content, knowledge for users, etc.
But it's not proving that straightforward with the simple XML.
Has anyone else attempted this or similar? I've been through the previous posts here and didn't turn up anything to help properly, I have also been through the sample dashboards and didn't have any luck there either.
Thanks in advance!
... View more
- Tags:
- dashboards
- xml
07-10-2019
06:59 PM
Hi,
I've been searching online and trying to find an answer for this.
Essentially it's building a dashboard/app page with predefined searches for people to use.
What I am trying to implement is a drop down choice at the beginning to select the search you wish to run. Then after that there is two fields for difference resource id's.
The first field is just an id and will be the same for all searches, user_id will work for this example. Then the second field would need to change depending on the choice of search.
For example:
Select search from dropdown (all user actions from an IP)
This would have the first field as user_id and need to have the second field as ip=
Select search from dropdown (all user actions on a certain index)
This would have the first field as user_id and need to have the second field as index=
That way when someone opens it up they can select the search they want to run from the drop down, then enter the user_id, and finally enter the last field which would change depending on the search chosen, after they hit submit the entered values would be assigned to their field names and added to the search which will be stored in the drop down
(trimmed down extract of what it looks like atm)
<label>user + ip</label>
<searchTemplate>$searchstring$ user_id=$user_id$ (changable_field_name=user_submitted_value)</searchTemplate>
<fieldset>
<input type="dropdown" token="searchstring">
<label>Search</label>
<choice value='SEARCH STRING WOULD BE INCLUDED HERE ASIDE FROM THE USER_ID AND ADDITIONAL FIELD NAME'>user actions from a specific ip</choice>
<choice value='SEARCH STRING WOULD BE INCLUDED HERE ASIDE FROM THE USER_ID AND ADDITIONAL FIELD NAME'>user actions on a specific index</choice>
<input type="text" token="user_id">
<label>user_id</label>
<default>*</default>
<prefix>"</prefix>
<suffix>"</suffix>
</input>
<input type="text" token="ip">
<label>ip</label>
<default>*</default>
<prefix>"</prefix>
<suffix>"</suffix>
</input>
<input type="text" token="index">
<label>index</label>
<default>*</default>
<prefix>"</prefix>
<suffix>"</suffix>
</input>
So while I know this will populate the entered user_id from the field into the search string ( user_id=$user_id$ ), I am at a loss of how to have the second field name update from the drop down and then apply into the searchTemplate along with the provided value where it says (changable_field_name=user_submitted_value) above.
Thanks in advance for any help
... View more
- Tags:
- splunk-enterprise
12-19-2018
09:20 AM
That is perfect! worked exactly as needed!
Can i ask, how does adding the ? to the end of the expression inside the parentheses prevent it from running too far like before?
... View more
12-18-2018
01:22 PM
Hey,
so I've been through all the posts here, and on Google, I can find for this, and I imagine it's a stupid mistake I'm making, but I cannot for the life of me nail this down.
I have a Splunk payload which contains the same field twice that I want to extract. Sometimes they will have the same values and other times different, but either would match the expression.
The problem I am encountering is the expression continues to match the text until it encounters the second instance of where it's supposed to stop.
I'm looking for this:
search terms here
| rex "\SSKU\S(?<field2>[a-zA-Z0-9\D]+)\S\SSKU\S"
| table field2
So, it's supposed to match the field for the SKU from the raw text. However, since the SKU is showing at the beginning and again towards the end, it starts getting the SKU from the first time it matches, but instead of ending after it it continues to capture the text and stops after the second match.
I'm looking for a way to make it stop after the first match, and if possible, also list the second match in the table.
So instead of what I currently have:
123123123</SKU> <Quantity>19</Quantity> <Message>OK</Message> <MessageID>2</MessageID> <SKU>123123123
I would just like the column with the value 123123123 to appear, and as mentioned above, if I can also have the second value there as well that would be unreal!
... View more
10-09-2018
06:23 AM
That is brilliant thank you very much! From everything I was looking up to have them clickable would involve the drill down and dashboards right? Or is there another method?
It's not a required functionality atm, but just curious since you mentioned it there 🙂
... View more
10-04-2018
10:30 AM
Hey there,
I've been having a look around on here, and through Google, but so far coming I'm up blank.
I'm looking for a way to basically change how an ID is displayed in a table.
Say I run a search like this:
sourcetype=testsource | table _time, , sourcetype, id
and I get a table back like
_time sourcetype id
12:00 testsource 123
So while the id value is indeed 123, I would like to have it — depending on the ID —display with a URL or filepath. For example:
_time sourcetype id
12:00 testsource test.com/123
Is this possible without diving into drill down and dashboards (http://docs.splunk.com/Documentation/Splunk/7.1.2/Viz/DrilldownIntro), it's not going to be a regular requirement in a search so something I can throw in the query on the fly would be ideal.
TIA!
... View more
09-20-2017
07:10 AM
Is there a way to have this without the values in the columns above the totals?
,Awesome! Is there a way to remove the values in the columns and just have the totals?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-24-2020
04:17 PM
|
Karma given to
