Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Drilldown Time chart
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pasokkum
Path Finder
09-21-2016
06:26 AM
I have a scheduled search which will run for every 5 hrs for the span of last 24 hrs.. When i drilldown that pie chart i need to pass the time to the new view.. If i pass last 24 hrs time to the view and if i am doing drilldown at 4th hour , it will fetch me the results for last 24 hrs from that particular time.. Hence there is difference in result count.. i need to pass the time when the search has run last time so that the result count will match..
Thanks..!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
09-21-2016
06:46 AM
See if these tokens give you what you're looking for
$job.earliestTime$: Job start time.
$job.latestTime$: Latest time recorded for the search job.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
09-21-2016
06:46 AM
See if these tokens give you what you're looking for
$job.earliestTime$: Job start time.
$job.latestTime$: Latest time recorded for the search job.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pasokkum
Path Finder
09-22-2016
05:16 AM
Can u please give me an example of how to get the earliest time of a scheduled search in html view??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
09-22-2016
05:57 AM
Like this
<dashboard>
<label>test</label>
<row>
<panel>
<table>
<title>Earliest=$e$</title>
<search ref="SavedReport">
<done>
<set token="e">$job.earliestTime$</set>
</done>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
</row>
</dashboard>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pasokkum
Path Finder
09-22-2016
06:53 AM
Thanks..! @sundareshr
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
