Hi,
i have a search that displays its result in a table in the following format:
Time Value
MM-YYYY HHHH
MM-YYYY HHHH
MM-YYYY HHHH
MM-YYYY HHHH
i want to make a drilldown so that when i click on one of the times, it would do a search on that month.
for example:
12-2016 1.12547
i click on the "12-2016" and i want to make a search that earliest=1st Dec 2016, latest=31st Dec 2016.
i can extract the month and the year from the clicked cell using substr, but the problem is that Splunk stores the months by name, so i have to convert "12" to "December" which costs me an eval.
this is how i extract the month and the year - eval temp=substr("12-2016",1,2),month=strftime(temp,"%B"),year=substr("12-2016",4,7)
this is my search:
index=myind source=mysrc | eval temp=substr("12-2016",1,2),month=strftime(temp,"%B"),year=substr("12-2016",4,7) | WHERE date_month==month AND date_year==year | do some more stuff...
Thank you for your help!!
... View more