Smart AnSwerS #24
Hey there community, and welcome to the 24th installment of Smart AnSwerS!
Since I started a year ago as a contractor and just recently became full-time at Splunk, I’ve had to participate in new-hire onboarding the past couple of days. Most of the content has just been a nice refresher on all things Splunk, but hearing about the updated customer use cases has been amazing, especially the most creative ones. One user, for example, has been using Splunk to optimize smoked salmon perfection by analyzing data from a sensor placed in the smoker. Who knew?! Splunk products are only as awesome as the community that makes them worthwhile
Check out this week’s featured Splunk Answers posts:
Sideview Utils: How to redirect, but not dispatch a search?
subtrakt needed to find a way using Sideview Utils to redirect to another dashboard, but not have an outputlookup search automatically run since a user needs to first enter a ticket number before updating the lookup. sideview recommended adding a Sideview Button module with the parameter allowAutoSubmit set to False as this controls any pushes that come from a page load. He explains how this is different from a similar parameter allowSoftSubmit and gives examples of expected behavior for both using different settings.
If I have a table with daily averages, how do I display the standard deviation of these averages at the bottom of the table as a consolidated result?
brutecat already had a search that produced a table of averages, but needed to run further stats on this result set and add it to the bottom of the existing table. acharlieh comes in with just the right solution by introducing brutecat to the search command appendpipe and an example of how to use it with stdev. Nothing like learning something new with a simple, concise answer.
How to fix “Encountered the following error while trying to update: In handler ‘users’: Could not get info for role that does not exist: dbx_user”?
glancaster kept getting this banner message when trying to modify an account locally after uninstalling the Splunk DB Connect app. Even after removing references of the dbx_user role from various configuration files and the DBX app from disabled and saved app files, the error still wasn’t resolved. glancaster finally found the solution and helpfully decided to share the answer with the community as similar questions appear on Splunk Answers periodically. There was one last reference to the dbx_user role in the $SPLUNK_HOME/etc/passwd file. After editing the file and restarting Splunk, voila!
Thanks for reading!
Missed out on the first twenty-three Smart AnSwerS blog posts? Check ‘em out here!