Dashboards & Visualizations

Earliest time not working in Web Framework

jbouch03
Path Finder

Hi,
I know that I'm probably missing something obvious here, but I'm trying to create several SingleViews in the Web Framework that Show a 24 hour, 30 Day, and an All Time count. However, when I run the page I see the same numbers for all of my sample data. I loaded the sample data into Splunk over a week ago, so at the very least the 24 hour value should be zero. I have posted my Javascript code below:

 // Define the search managers and postprocess managers
 // Setup Main Search
    var searchmain = new SearchManager({
        id: "search-consoleError",
        search: "eventtype=consoleError",
        preview: true,
        cache: true
    });

    // Setup 24 hour Post Process Manager
    var searchCount1 = new PostProcessManager({
        id: "search-count24h",
        managerid: "search-consoleError",
    earliest_time: "-24h@h",
    latest_time: "now",
        search: "| chart count"
    });

    // Render the SingleView for 24 hour count
    sv24h = new SingleView({
        id: "sv24hCount",
        managerid: "search-count24h",
        underLabel: "Past 24 hours",
        el: $("#sv24hCount")
    }).render();

Again, I'm pretty sure I am missing something obvious, but my 24 hour search should read 0 since there hasn't been a record added in at least 48 hours. Instead it reads 7,000 which is the number of test logs I entered. When I run the same search though the search bar I receive a 0 for the last 24 hours.

Any help you guys can provide would be greatly appreciated. Thank you in advance.

0 Karma

lquinn
Contributor

Correct me if I'm wrong but I dont believe you can have different time ranges for a post process search and the main search. I have had this issue before and have solved it, either by separating the searches or if you want to keep it as a postprocess you could change your search to this:

var searchCount1 = new PostProcessManager({
         id: "search-count24h",
         managerid: "search-consoleError",
         search: '| chart count(eval(_time>relative_time(now(),"-24h")))'
     });
0 Karma

guilmxm
SplunkTrust
SplunkTrust

Hi, I haven't played with JavaScript syntax to call searches within the Web framework, but i've done a lot of views using django stanza, perhaps should you give a try
Creating a searchmanager in django is much easier and short than JS

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...