I have one column in search name timerange which shows time at with that event happened. I want to plot the graph (timechart) but on the dashboard, I want to use time picker which queries the time from my timerange column.
So, When I wrote the Splunk search query to get the data from the indexes.
I get the following results
_time(time at which vales got index),Total,Stable,Time(time at which the event happened)
1. 2019-06-25 23:56 , 100,100,2019-06-05 05:07
2. 2019-06-25 23:56,500,500,2019-06-05 05:08
3. 2019-06-25 23:56,550,570,2019-06-05 05:09(for every minute)
10000+ entries
_time column has the same values.
if I use the above search query to create a dashboard and in time picker if I select data between 2019-06-05 - 2019-06-06 there are not values to plot. But if I select data 2019-06-25 - 2019-06-26 it shows that event.
So basically I want to map my time picker to the time values at which event happened not the time at which values got indexed.
... View more