- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to edit my dashboard so that my dropdown value...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
i have created dashboard with 2 dropdowns based on host and based on Time Range. When select host it is working but not Time Range.
i am populating values by using this search and i can see the values in search
index=myindex source="/logs/app/*" | rex field=_raw "^(?[^,]+)" | dedup Time | table Time
and here the main using for displaying results in table format
index=myindex source="/logs/app/*" host="$drophost$" Time="$timerange$" | reverse | rex field=_raw "^(?[^,]+),(?[^,]+),(?.*)" | eventstats latest(Time) as current | where current=Time |stats list(Contents) as Contents by Host Time |table Time Host Contents
any help is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You might have to replace 'Time' with '_time' in the queries, and then you may have to do some playing around with the drop-downs.
The time field is always a little tricky to mess around with. Quirky.
I use something like this to use the drop down time ranges:
detail.utr="*" earliest=$dashboardTime.earliest$ latest=$dashboardTime.latest$ | stats count by detail.formId
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You might have to replace 'Time' with '_time' in the queries, and then you may have to do some playing around with the drop-downs.
The time field is always a little tricky to mess around with. Quirky.
I use something like this to use the drop down time ranges:
detail.utr="*" earliest=$dashboardTime.earliest$ latest=$dashboardTime.latest$ | stats count by detail.formId
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.actually i am extracting Time from events.
i am able to make it work and here is the search
index=myindex source="/logs/app/" host="$drophost$" | reverse | rex field=_raw "^(?[^,]+),(?[^,]+),(?.)" | search Time="$timerange$" | stats list(Contents) as Contents by Host Time | table Time Host Contents
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
