Smart AnSwerS #87

Hello community and welcome to the 87th installment of Smart AnSwerS.

Our Splunk Answers community is thriving with users actively answering questions! The "Where Will Your Karma Take You" contest has brought out some new and very helpful contributors who we've seen answer questions week after week. It's from this contest in previous years where we've identified champions in our global community, some of which are now part of the SplunkTrust MVP program. We had our first ever SplunkTrust Summit at Splunk HQ a couple weeks ago where members from around the world gathered to meet with product management and other teams. It was amazing to have most of the Trustees all together in one place and listen to their feedback on future roadmap and ways to improve our community. The next time we'll get to see them as a unit again will be at .conf18 in October, so until then, let the five-month countdown begin!

Here are this week's featured Splunk Answers posts:

How to change the width of panels in XML?

auaave wanted to understand how to change the width of a single value, statistics table, and line chart in an XML dashboard. niketnilay explained that you can add “id” to each of the panels, then use the CSS override for the panel width adjustment in the dashboard. He goes on to give an example of the code followed up with images for each of the panels. kmaron and auaave confirmed these examples were really useful. “Wow. That’s awesome...I was always told that the CSS would be overwritten so JavaScript was the only way. This has totally made my day!”, says kmaron.

Read the post on how to change the width of panels with Simple XML and CSS.

Check out the Simple XML Reference page from Splunk Docs to learn more.

How can I change the charting legend placement?

pavanae wanted to change the legend placement to the top of the chart instead of the right side where it was shown as being cut-off halfway. The user wanted to know if they had to modify the html tags in order to have the placement where it needs to be. cmerriman, an amazing community member of the SplunkTrust, provided the Splunk documentation on chart configuration and provided an example on how to edit the XML source code in the dashboard.  

Read the post to see how you can change the placement of the legend on a chart.

How to join two tables where the key is named differently and must be cleaned up first?

dw10j wanted to filter logs by field and then perform a join on the second log, effectively joining two tables. DalJeanis, who is one of our SplunkTrust members and an awesome and helpful contributor to our community, gives a shout out to martin_mueller on providing the correct answer for the question, but goes on to provide a detailed explanation to further help dw10j. He gets him to understand how translating from SQL to SPL is not what you expect and uses this analogy: “Relational databases are like an office building attached to a bunch of warehouses. Splunk is like a city library system.” DalJeanis references this theme throughout the entire answer which beautifully provides context for the community to learn the differences between the relational database world and Splunk. Several other SplunkTrust members commented on this answer to affirm this valuable breakdown. niketnilay added a helpful resource on Splunk SPL for SQL users from the Splunk Docs for reference and further reading.

Read the post to check out DalJeanis’ analogy and thorough solution.

Thanks for reading! To see more featured Splunk Answers posts, check out previous Smart AnSwerS blogs in the series.

You can learn more about Splunk and socialize with other users in the community by contributing to the Splunk Answers forum, joining discussions in our Slack community chat, attending a Splunk user group meeting, or reading through our Community manual.  

----------------------------------------------------
Thanks!
Anam Siddique