<!-- Search window: start 24 hours before now. -->
<param name="earliest">-24h</param>
<!-- Error events from the impl_splunk_gen sourcetype for one user, counted
per logger in 30-minute buckets of _time. $user$ is a placeholder that the
stringreplace intention below fills in.
NOTE(review): the substituted value lands inside the quoted user="..." term
and originates from event data; confirm how stringreplace handles quotes,
backslashes and pipes in that value so it cannot change the shape of the
search. -->
<param name="search">
sourcetype="impl_splunk_gen" loglevel=error
user="$user$" | bucket span=30m _time
| stats count by logger _time
</param>
<!-- Builds a stringreplace intention whose "user" argument takes its value
from $click.value$, the value of the element that was clicked. The rest of
this module is elided in the listing. -->
<module name="ConvertToIntention">
<param name="intention">
<param name="name">stringreplace</param>
<param name="arg">
<param name="user">
<param name="value">$click.value$</param>
...
<!-- The remaining modules are downstream from the pie chart
and are invoked when a pie wedge is clicked.
SimpleResultsHeader prints a heading in panel_row2_col1; $click.value$ in
headerFormat stands for the value of the clicked wedge.
NOTE(review): that value comes from indexed event data and is shown in the
page; confirm the module HTML-escapes it when rendering. -->
<module name="SimpleResultsHeader"
layoutPanel="panel_row2_col1">
<param name="entityName">results</param>
<param name="headerFormat">
Errors by logger for $click.value$
</param>
</module>
<!-- The SingleValue modules.
HiddenPostProcess applies its search to the rows returned by the upstream
search rather than running a new one: it totals count per logger, sorts
descending, keeps the top row and builds the text field f, of the form
"LOGGER is most common (N)". The nested SingleValue module shows the result
in panel_row2_col1 (presumably the single field f; confirm). -->
<module name="HiddenPostProcess">
<param name="search">
stats sum(count) as count by logger
| sort -count | head 1
| eval f=logger + " is most common (" + count + ")" |
table f </param>
<module name="SingleValue"
layoutPanel="panel_row2_col1"></module>
</module>
...
<!-- The chart.
The post-process search turns the upstream rows into a time series: the sum
of count per logger in 30-minute spans. HiddenChartFormatter requests a
stacked area chart and the nested JSChart module draws it in
panel_row4_col1_grp1.
NOTE(review): the two formatter params use different prefixes
(charting.chart and chart.stackMode); confirm both spellings are accepted by
the Splunk version in use. -->
<module name="HiddenPostProcess">
<param name="search">
timechart span=30m sum(count) by logger
</param>
<module name="HiddenChartFormatter">
<param name="charting.chart">area</param>
<param name="chart.stackMode">stacked</param>
<module
name="JSChart"
layoutPanel="panel_row4_col1_grp1"/>
</module>
</module>
<!-- The table -->
 