- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Earliest time not working in Web Framework
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Earliest time not working in Web Framework
Hi,
I know that I'm probably missing something obvious here, but I'm trying to create several SingleViews in the Web Framework that Show a 24 hour, 30 Day, and an All Time count. However, when I run the page I see the same numbers for all of my sample data. I loaded the sample data into Splunk over a week ago, so at the very least the 24 hour value should be zero. I have posted my Javascript code below:
// Define the search managers and postprocess managers
// Setup Main Search
var searchmain = new SearchManager({
id: "search-consoleError",
search: "eventtype=consoleError",
preview: true,
cache: true
});
// Setup 24 hour Post Process Manager
var searchCount1 = new PostProcessManager({
id: "search-count24h",
managerid: "search-consoleError",
earliest_time: "-24h@h",
latest_time: "now",
search: "| chart count"
});
// Render the SingleView for 24 hour count
sv24h = new SingleView({
id: "sv24hCount",
managerid: "search-count24h",
underLabel: "Past 24 hours",
el: $("#sv24hCount")
}).render();
Again, I'm pretty sure I am missing something obvious, but my 24 hour search should read 0 since there hasn't been a record added in at least 48 hours. Instead it reads 7,000 which is the number of test logs I entered. When I run the same search though the search bar I receive a 0 for the last 24 hours.
Any help you guys can provide would be greatly appreciated. Thank you in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct me if I'm wrong but I dont believe you can have different time ranges for a post process search and the main search. I have had this issue before and have solved it, either by separating the searches or if you want to keep it as a postprocess you could change your search to this:
var searchCount1 = new PostProcessManager({
id: "search-count24h",
managerid: "search-consoleError",
search: '| chart count(eval(_time>relative_time(now(),"-24h")))'
});
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I haven't played with JavaScript syntax to call searches within the Web framework, but i've done a lot of views using django stanza, perhaps should you give a try
Creating a searchmanager in django is much easier and short than JS
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
