Hi guys
I have a search manager to retrieve timestamp in EPOCH.
However I want a way to be able to store the results in a KVSTORE.
any ideas ??
/// Create Search manger to get current timestamp EPOCH TIME
var timestamp_search = new SearchManager({
"id": "timestamp_search",
"status_buckets": 0,
"latest_time": "$latest$",
"search": "| stats count as timestamp | eval timestamp = now()",
"earliest_time": "$earliest$",
"cancelOnUnload": true,
"app": utils.getCurrentApp(),
"auto_cancel": 90,
"preview": true,
"runWhenTimeIsUndefined": false
}, {tokens: true});
If you want to enforce the field, you can use Fields section in KV store
Doc : http://dev.splunk.com/view/webframework-developapps/SP-CAAAEZK
Details about "how to configure" is available here http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ConfigureKVstorelookups
http://dev.splunk.com/view/webframework-developapps/SP-CAAAEZH
http://dev.splunk.com/view/webframework-developapps/SP-CAAAEY7
Programmatically
http://dev.splunk.com/view/webframework-tutorials/SP-CAAAEZV
If you want to enforce the field, you can use Fields section in KV store
Doc : http://dev.splunk.com/view/webframework-developapps/SP-CAAAEZK
Details about "how to configure" is available here http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ConfigureKVstorelookups
http://dev.splunk.com/view/webframework-developapps/SP-CAAAEZH
http://dev.splunk.com/view/webframework-developapps/SP-CAAAEY7
Programmatically
http://dev.splunk.com/view/webframework-tutorials/SP-CAAAEZV
thanks renjith for the response,however answer you gave i already.
my problem is actually retrieving the search results and saving it into the KVStore
In other words i want a timestamp to be automatically generated and stored in the KVStore each time a record is inserted.
So the logic i could come up with is to get the timestamp using the search manager and save the results.
I am able to get the timestamp from the search manager .
However i dont know how to extract the results and save it in the KVstore.
Any suggestions
Thanks
Sam
Just assign current timestamp to a variable using eval and add to your original search string (eval time=now()).
Share your original search string which is used to insert other values into KV Store, we can modify it for you
i created a search manager object and the search string is
"search": "| stats count as timestamp | eval timestamp = now()"
so looks like what you suggested.
but how do i get the variable "timestamp" into the kvstore.
my search manager looks like this
/// get current timestamp EPOCH TIME
var timestamp_search = new SearchManager({
"id": "timestamp_search",
"status_buckets": 0,
"latest_time": "$latest$",
"search": "| stats count as timestamp | eval timestamp = now()",
"earliest_time": "$earliest$",
"cancelOnUnload": true,
"app": utils.getCurrentApp(),
"auto_cancel": 90,
"preview": true,
"runWhenTimeIsUndefined": false
}, {tokens: true});
my kvstore dictionary looks like this
var record = {
"time_stamp": timestamp
};
You can do it from your search itself using outputlookup
for eg :
|stats count|eval timestamp=now()|fields timestamp|outputlookup kvstorelookup name
Its already mentioned in the docs provided above. also refer to
http://docs.splunk.com/Documentation/Splunk/6.3.1511/SearchReference/Outputlookup
In general, you can insert a record programmatically using rest end points as well.
http://dev.splunk.com/view/webframework-tutorials/SP-CAAAEZV
i have some form data that i have to save together with the timestamp.
so i can only use the REST API.
But i have tried several methods out there but doesnt seem to work .
below is the samplecode where i am trying to retrive the timestamp results in to
"my_timestamp" variable where i will inturn save into the dictionary to be used by the REST
any ideas
/// get current timestamp EPOCH TIME
var timestamp_search = new SearchManager({
"id": "timestamp_search",
"status_buckets": 0,
"latest_time": "$latest$",
"search": "| stats count as timestamp | eval timestamp = now()",
"earliest_time": "$earliest$",
"cancelOnUnload": true,
"app": utils.getCurrentApp(),
"auto_cancel": 90,
"preview": true,
"runWhenTimeIsUndefined": false
}, {tokens: true,tokenNamespace: "submitted"});
//WHERE I GET THE TIME STAMP FROM THE SEACH MANAGER
var my_timestamp = ??
//FORM INPUTS
var record = {
"CustID": form_id,
"CustName": form_name,
"CustStreet": form_street,
"CustCity": form_city,
"CustState": form_state,
"CustZip": form_zip,
"time_stamp" : my_timestamp
};
// Use the request method to send a REST POST request
// to the storage/collections/data/{collection}/ endpoint
service.request(
"storage/collections/data/mycollection/",
"POST",
null,
null,
JSON.stringify(record),
{"Content-Type": "application/json"},
null);
});
Ok if you are using html, then just get the current time from java script itself instead of creating a search manager just for this.
var currentDate=new Date();
You can either use currentDate directly which has full timestamp including timezone or get date/time elements from the date object currentDate according to your requirements.
Check javascript datetime documents for further reference
thanks renjith that did the trick .
Glad to here that. Please accept answer so that the question will be closed