Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Dashboards & Visualizations
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Drilldown Time chart
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pasokkum
Path Finder
09-21-2016
06:26 AM
I have a scheduled search which will run for every 5 hrs for the span of last 24 hrs.. When i drilldown that pie chart i need to pass the time to the new view.. If i pass last 24 hrs time to the view and if i am doing drilldown at 4th hour , it will fetch me the results for last 24 hrs from that particular time.. Hence there is difference in result count.. i need to pass the time when the search has run last time so that the result count will match..
Thanks..!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
09-21-2016
06:46 AM
See if these tokens give you what you're looking for
$job.earliestTime$: Job start time.
$job.latestTime$: Latest time recorded for the search job.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
09-21-2016
06:46 AM
See if these tokens give you what you're looking for
$job.earliestTime$: Job start time.
$job.latestTime$: Latest time recorded for the search job.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pasokkum
Path Finder
09-22-2016
05:16 AM
Can u please give me an example of how to get the earliest time of a scheduled search in html view??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
09-22-2016
05:57 AM
Like this
<dashboard>
<label>test</label>
<row>
<panel>
<table>
<title>Earliest=$e$</title>
<search ref="SavedReport">
<done>
<set token="e">$job.earliestTime$</set>
</done>
</search>
<option name="wrap">true</option>
<option name="rowNumbers">false</option>
<option name="drilldown">cell</option>
<option name="dataOverlayMode">none</option>
<option name="count">10</option>
</table>
</panel>
</row>
</dashboard>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pasokkum
Path Finder
09-22-2016
06:53 AM
Thanks..! @sundareshr
Get Updates on the Splunk Community!
Routing logs with Splunk OTel Collector for Kubernetes
The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...
New This Month - Observability Updates Give Extended Visibility and Improve User ...
This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...
Intro to Splunk Synthetic Monitoring
In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...
