How do I create a Dashboard that shows earliest and oldest values?

gmasca
Explorer

Hi,

I am new to Splunk and I am trying the following, but I can't find how.

I need to create a dashboard showing the results of polling on a value from multiple devices.

I would like to show the device, the earliest result, and the oldest result on the same line.

I can make the list of results and merge them into one line per device, but I can't separate the earliest and oldest results into columns.

Example:
Data from the polling
host1, value 1, time: 1/12/2018 11:00
host2, value 2, time: 1/12/2018 11:00
host1, value 3, time: 1/12/2018 11:05
host2, value 4, time: 1/12/2018 11:05

Dashboard:
host / earliest / oldest
host1 / 3 / 1
host2 / 4 / 2

Any help is much appreciated.
Thank you,

0 Karma
1 Solution

whrg
Motivator

Hi!
Try this:

basesearch | stats earliest(value) as earliest latest(value) as oldest by host


0 Karma
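
An added example, not part of the original posts: a self-contained search that rebuilds the four poll results from the question with `makeresults` and runs the same `stats` pattern, so the behaviour can be checked without an index. It also goes one step beyond the answer by putting `first()`/`last()` beside `earliest()`/`latest()`: the former pick by the order in which rows reach `stats`, the latter by `_time`. Assumptions: the timestamps are read as day/month/year, the rows are listed newest-first, and the output column names and the `sample` field are made up for this example.

```spl
| makeresults count=4
| streamstats count as n
| eval sample="constructed data rebuilt from the question, not from a real index"
| eval host=case(n==1, "host2", n==2, "host1", n==3, "host2", n==4, "host1")
| eval value=case(n==1, 4, n==2, 3, n==3, 2, n==4, 1)
| eval _time=strptime(if(n<=2, "1/12/2018 11:05", "1/12/2018 11:00"), "%d/%m/%Y %H:%M")
| stats earliest(value) as value_at_earliest_time
        latest(value) as value_at_latest_time
        earliest(_time) as earliest_time
        latest(_time) as latest_time
        first(value) as first_row_seen
        last(value) as last_row_seen
        by host
| eval earliest_time=strftime(earliest_time, "%d/%m/%Y %H:%M")
| eval latest_time=strftime(latest_time, "%d/%m/%Y %H:%M")
| table host value_at_earliest_time earliest_time value_at_latest_time latest_time first_row_seen last_row_seen
```

Carrying the two `_time` columns next to the values makes it easy to confirm which poll each column came from before renaming the columns for the dashboard.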

gmasca
Explorer

Thanks! It worked.
