Questions tagged [splunk-dashboard]

127 questions
3
votes
2 answers

Splunk : How to figure out replication Factor

If this sounds silly to you I apologise in advance; I am new to Splunk and did a Udemy course but can't figure this out. If I check my indexes.conf file in cluster master I get repFator=0 # # By default none of the indexes are replicated. # repFactor =…
ankit singh
  • 111
  • 6
2
votes
2 answers

In Splunk, Need to Pull Data from Nested JSON Array in an Array

I have some data that is an array inside an array. If it makes it easier, there will only ever be the one nested array inside of StopData. { "Name": "ExceptionLogs", "Id": "Id1", "StopData": [ [ { "level": "ERROR", …
stricq
  • 798
  • 6
  • 18
2
votes
1 answer

Separate multiple search values with an OR clause with Splunk?

I have a text box in a Splunk dashboard, and I'm trying to find out how I can separate values entered into the text box that are separated by commas with an OR clause. For example: values entered into text box: 102.99.99, 103.99.93,…
2
votes
1 answer

Alert setting, in case of a large interval between messages

Good afternoon! I receive messages from systems on splunk, several messages from one system line up in a message chain. As a rule, six messages from one system line up in a chain of six messages. By message chain, I mean that splunk receives six…
2
votes
0 answers

How can I update the value in a multiselect or checkbox when the related token value is updated? (Splunk-Enterprise)

I have a Dropdown token being used as the in a Multiselect input. The Multiselect seems to only set the tag's value during dashboard initialization. I can get a change in the dropdown to take effect on the Multiselect when refreshing the page in…
triscut
  • 21
  • 2
2
votes
1 answer

How to extract the data present in {} in Splunk Search

Data present in JSON format {[]} gets extracted; however, data present in {} as shown below doesn't behave the same. How can fields and values be extracted from data in {}? _raw data: {"AlertEntityId": "abc@domai.com", "AlertId":…
zen29d
  • 61
  • 7
2
votes
2 answers

Merge url with parameters into 1 in Splunk

I am creating a dashboard for our service, and I want to create metrics for URL requests. Let's say I have a similar URL like this one: /api/v1/users/{userId}/settings And I have the following query in Splunk: url=*/api/v1/users/*/settings | stats…
user17485523
2
votes
1 answer

How to use a token for a rex in Splunk?

I have a token $token_rex$ set up as follows in the dashboard: mvjoin(mvmap('token_keywords_mv',"(?<".'token_keywords_mv'.">".'token_keywords_mv'."+?)"), "|") token_keywords_mv is basically the following: lorem ipsum situs The…
yaserso
  • 2,638
  • 5
  • 41
  • 73
2
votes
1 answer

Query to extract data

Here is a snippet of the logs: 127.0.0.1 - - [01/Dec/2020:00:00:11 -0500] "GET / url:"api/orderLaptop for customer id 123" 127.0.0.1 - - [01/Nov/2020:00:00:24 -0500] "GET / url:"api/orderLaptop for customer id 124" 127.0.0.1 - -…
2
votes
1 answer

Splunk Enterprise: Exclude certain time ranges for a bigger time range

I am in need of knowing if there is a possibility to exclude certain time ranges within a given time period? I have a formula for my search and then I have chosen the datepicker, but would like to know if I can filter out specific time ranges within…
1
vote
0 answers

How to deal with $ in the path for xml configuration for splunk for getting logs

I have this xml configuration for splunk to get logs and I used it to register the splunk agent
Techie
  • 21
  • 2
1
vote
1 answer

choropleth map does not render in Dashboard Studio but it does in Classic Dashboards

I need to plot a world map and color countries based on the count and this to a dashboard. This is my query ... AS iso2 | search iso2=* | stats count by iso2 | lookup geo_attr_countries iso2 OUTPUT country | fields+ count, country | geom…
1
vote
1 answer

Splunk - Group X-axis elements together

I have this chart in a Splunk dashboard. The x-axis refers to the different hosts executing our BAU Process. The y-axis refers to the time taken for the BAU Process to finish. The code to generate the chart is (host = "A" OR host = "B" OR host = "C"…
waffledood
  • 193
  • 8
1
vote
1 answer

Splunk dynamic conditional formatting

Is it possible in Splunk to apply dynamic conditional thresholds? For example, I have a service helloworld and it contains multiple endpoints; for this example's sake, helloworld/greeting and helloworld/process. The thresholds are like…
1
vote
1 answer

Splunk change chart color

I have this graph: How can I change the color for every column from the x-axis? For example, green for Low, yellow for Medium, orange for High and red for Critical. A part from the query: | eval status=case(duration>=0 AND duration<0.2, "Low", duration>=0.2…
Rain03
  • 41
  • 1
  • 7