Chris Younger ChrisYounger
ChrisYounger
/ Example number display viz 2
Created
March 31, 2021 08:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <dashboard> | |
| <label>gauge test</label> | |
| <row> | |
| <panel id="autoresize"> | |
| <viz type="number_display_viz.number_display_viz"> | |
| <search> | |
| <query>| makeresults | |
| | eval process="Process1 Process2 Process3" | makemv process | mvexpand process | |
| | eval breachPerc="10 20 15" | makemv breachPerc | |
| | eval nBreachPerc="69 70 80" | makemv nBreachPerc |
ChrisYounger
/ Example number display viz
Created
March 30, 2021 09:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <dashboard> | |
| <label>gauge test</label> | |
| <row> | |
| <panel id="autoresize"> | |
| <viz type="number_display_viz.number_display_viz"> | |
| <search> | |
| <query>| makeresults | |
| | eval process="Process1 Process2 Process3" | makemv process | mvexpand process | |
| | eval breachPerc="10 20 15" | makemv breachPerc | |
| | eval nBreachPerc="69 70 80" | makemv nBreachPerc |
ChrisYounger
/ SplunkBookmarks.html
Created
April 4, 2019 11:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE NETSCAPE-Bookmark-file-1> | |
| <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"> | |
| <TITLE>Bookmarks</TITLE> | |
| <H1>Bookmarks</H1> | |
| <DL><p> | |
| <dt><a href="https://splunkbase.splunk.com/">Splunkbase</a> | |
| <dt><a href="https://git.io/splhighlighter">Splunk Highlighter</a> | |
| <dt><a href="http://regex101.com/">regex101.com</a> | |
| <dt><a href="http://strftime.net/">strftime.net</a> | |
| <DT><H3 ADD_DATE="1551742873" LAST_MODIFIED="1553513798">.Conf Files</H3> |
ChrisYounger
/ splunk_datatypesbnf
Created
January 26, 2019 09:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [bool] | |
| syntax = t|true|f|false | |
| [field] | |
| syntax = <fvalue> | |
| [field-and-value] | |
| syntax = <field>/s*=/s*<fvalue> | |
| [field-and-value-list] | |
| syntax = (?:<field-and-value>)+ | |
| [field-list] | |
| syntax = <field>(?:[ ,]+<field>)* |
ChrisYounger
/ splunk_searchbnf
Created
January 26, 2019 09:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # the output from running "/opt/splunk/bin/splunk btool searchbnf list" on a fairly default Splunk 7.2 instance | |
| [abstract-command] | |
| alias = excerpt | |
| appears-in = 3.0 | |
| category = formatting | |
| commentcheat = Show a summary of up to 5 lines for each search result. | |
| description = Produce an abstract -- a summary or brief representation -- of the text of search results. The original text is replaced by the summary, which is produced by a scoring mechanism. If the event is larger than the selected maxlines, those with more terms and more terms on adjacent lines are preferred over those with fewer terms. If a line has a search term, its neighboring lines also partially match, and may be returned to provide context. When there are gaps between the selected lines, lines are prefixed with "...". \p\ | |
| If the text of a result has fewer lines or an equal number of lines to maxlines, no change will occur.\i\ | |
| * <maxlines> accepts values from 1 - 500. \i\ |