Hello community and welcome to the 90th installment of Smart AnSwerS.
Beyond Splunk Answers, some of our most active Splunk champions are leading amazing community efforts around the world, including Yutaka Yamada, one of our newest SplunkTrust members based out of Tokyo, Japan. He has been key in growing the Japanese community of Splunk users in his region, especially since he created the Go Japan Splunk User Group (GOJAS). He established this group in 2016 and to date, there are over 600 members who support one another and share information on all things Splunk. Read all about his story building the presence of Splunk in Japan in this Q&A blog post!
Here are this week's featured Splunk Answers posts:
pranaynanda presented two searches in the question, both using the ‘where’ clause, and wanted to know why the second search was not producing any results. RPiccone gave a great explanation that ‘And extension!=NULL’ in the second search needed to be replaced with ‘isnotnull(extension)’, since ‘where’ uses ‘eval’ expressions and ‘isnotnull’ is an eval function. RPiccone also shared relevant Splunk documentation on informational functions as a reference to further help pranaynanda. The answer worked for pranaynanda, who praised RPiccone with “Salut! You Sir are a true genius!”
Read the post to learn about informational functions and how to use the where clause.
Splunker David posted a question with a solution to help other users in the community solve the common issue of seeing “Search is waiting for input…” on dashboard panels. This is often the result of a token not being set, but figuring out which token(s) is the culprit is not always obvious. David provides sample code and shows how to run it in your browser’s JavaScript Console to report the number of searches that depend on each token, along with what you can do to manually set them. Quite a few users found it helpful and upvoted the solution, including user chadmedeiros, who commented that it was a “great detailed answer”.
Read the post to learn how to find what tokens are not set in your dashboard.
jrevolorio wanted to know if they could add a search box to a dashboard they created, to make it easy for users to enter a username or IP to find information on. They provided the search that they were using, but every time they added a text input for a particular field, the search didn’t run. One of our SplunkTrust members, somesoni2, pointed out that the token name specified in the text box needed to be added to the search. He shared Splunk documentation with an example to reference, as well as a link to the Splunk Dashboard Examples app to check out different types of dashboards and how they are implemented.
Read the post to learn more about the different usages of dashboards.
Thanks for reading! To see more featured Splunk Answers posts, check out previous Smart AnSwerS blogs in the series.
You can learn more about Splunk and socialize with other users in the community by visiting the Splunk Answers forum, joining discussions in our Slack community chat, attending a Splunk user group meeting, or reading through our Community manual.
----------------------------------------------------
Thanks!
Anam Siddique