Hi All, I've hunted around for answers but haven't been able to figure it out.  What I am trying to do is have multiple Single Values stacked vertically and adjust the width of them. I've tried two methods, the first using JS like so: require(['jquery', 'splunkjs/mvc/simplexml/ready!'], function($) { // Grab the DOM for the first dashboard row var firstRow = $('.dashboard-row').first(); // Get the dashboard cells (which are the parent elements of the actual panels and define the panel size) var panelCells = $(firstRow).children('.dashboard-cell'); // Adjust the cells' width $(panelCells[0]).css('width', '10%'); $(panelCells[1]).css('width', '20%'); $(panelCells[2]).css('width', '45%'); $(panelCells[3]).css('width', '25%'); }); And another using CSS like below: <style> #second_row_stats, #second_row_perc { width: 15% !important; } </style> So either method works if there is only one Single Value in the panel.  Basically the Single Value width adjusts to what the panel width adjusts to.  However if you have a more than one Single Value in the same panel, the panel width is adjusted but the Single Value doesn't expand to the length of the panel width. What I get is this: The first row is using the JS and with Single Values it will adjust properly.  Second row is using the CSS but with multiple Single Values you can see there are gaps. Switching between JS or CSS makes no difference.  I've tried using display: grid too but that didn't help, just ensured it was stacked vertically. Any help would be great.  Thanks! ... View more

Hi All, Hoping someone can point me in the right direction with this one.  The use case is there are some processes that I need to be checking if data is being written to their logs (that is the easy part) and I also need to note if there is a lack of data by host. I used a lookup file that I add to the search in the scenarios where there is a potential issue and I need to indicate that the host has no data.  I managed to get it working and I've combined a number of different processes and use cases together into one search however I've used the append command.  Unfortunately the Splunk admins in my company do not allow for appends in any search (it's a big no no) regardless of the data size which in this case isn't large.   This is what the search looks like currently:   index=test_index sourcetype=process_a_log "Success Message" earliest=-2h | inputlookup append=t hosts.csv | fields host | stats latest(_indextime) as indexedTime by host | eval count=if(isnull(indexedTime),null,(now()-indexedTime)) | eval process="ProcessA" | table host,process,count | append [ search index=test_index sourcetype=process_b_log "Generation completed" earliest=-1h | inputlookup append=t hosts.csv | fields host | stats latest(_indextime) as indexedTime by host | eval count=if(isnull(indexedTime),null,(now()-indexedTime)) | eval process="ProcessB" | table host,process,count ] | append [ search index=test_index earliest=-5m | inputlookup append=t hosts.csv | fields host | stats latest(_indextime) as indexedTime by host | eval count=if(isnull(indexedTime),null,(now()-indexedTime)) | eval process="Data" | table host,process,count ]   I've omitted parts at the bottom where I do an evaluation on thresholds and output severity. I attempted to do something like this:   index=test_index (sourcetype=process_a_log "Success Message" earliest=-2h) OR (sourcetype=process_b_log "Generation completed" earliest=-1h) OR (sourcetype=* earliest=-5m) | inputlookup append=t hosts.csv | fields host | stats latest(_indextime) as indexedTime by host | eval count=if(isnull(indexedTime),null,(now()-indexedTime)) | eval process=case( match(_raw,"Success Message"),"ProcessA", match(_raw,"Generation completed"),"OrocessB", 1=1,"Other") | table host,process,count   However it doesn't produce the outcome I require given all the events for all the processes are together and while it appends the host, I need it to append by process.  Basically I need something along the lines of 'inputlookup append=t by process' but unsure how to achieve it. Any help would be greatly appreciated.  Thanks. ... View more