Back to the Blog

On one condition...

Posted by Elizabeth Makepeace on Tuesday, May 24, 2016 - 10:47 Operational Intelligence XML, conditions, Splunk, tokens

I have found that I love creating xml code and seeing all the different capabilities it has within Splunk. While at a client recently, the client wanted to have two separate sets of dashboard inputs on one dashboard. To accomplish this, I turned to some more complex features of simple xml by creating what “appears” to be two separate dashboards; however, it’s actually just one. In creating this, my main focus areas were using “tokens” and “depends”.

I started with my Universal Input of Linux or Windows. This will be what my user sees when the dashboard initially loads.

 ...

read more

Macros and Tokens: Getting the Best Use of Them

Posted by Elizabeth Makepeace on Tuesday, January 26, 2016 - 11:04 Cool Tools, Operational Intelligence Splunk, Cool Tools, Simple XML, macros, Operational Intelligence, tokens

While at a client recently, I had the task of creating a dashboard with the ability to look at Linux and Windows data's highest points and averages. The Windows and Linux data needed to be viewed separately, but still have the ability to view the data in total. To accomplish this, I created a base search using six macros: two to encompass both operating systems with each calculation mode, and two per operating system for each calculation mode.My first step was to create the macros. This is done by Settings > Advanced Search > Search Macros. Once at this page, click “New”. You will be...

read more
Stay In Touch