Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Earliest time not working in Web Framework

jbouch03
Path Finder
‎08-08-2014 07:11 AM

Hi,
I know that I'm probably missing something obvious here, but I'm trying to create several SingleViews in the Web Framework that Show a 24 hour, 30 Day, and an All Time count. However, when I run the page I see the same numbers for all of my sample data. I loaded the sample data into Splunk over a week ago, so at the very least the 24 hour value should be zero. I have posted my Javascript code below:

 // Define the search managers and postprocess managers
 // Setup Main Search
    var searchmain = new SearchManager({
        id: "search-consoleError",
        search: "eventtype=consoleError",
        preview: true,
        cache: true
    });

    // Setup 24 hour Post Process Manager
    var searchCount1 = new PostProcessManager({
        id: "search-count24h",
        managerid: "search-consoleError",
    earliest_time: "-24h@h",
    latest_time: "now",
        search: "| chart count"
    });

    // Render the SingleView for 24 hour count
    sv24h = new SingleView({
        id: "sv24hCount",
        managerid: "search-count24h",
        underLabel: "Past 24 hours",
        el: $("#sv24hCount")
    }).render();

Again, I'm pretty sure I am missing something obvious, but my 24 hour search should read 0 since there hasn't been a record added in at least 48 hours. Instead it reads 7,000 which is the number of test logs I entered. When I run the same search though the search bar I receive a 0 for the last 24 hours.

Any help you guys can provide would be greatly appreciated. Thank you in advance.

0 Karma
Reply

lquinn
Contributor
‎09-07-2015 07:17 AM

Correct me if I'm wrong but I dont believe you can have different time ranges for a post process search and the main search. I have had this issue before and have solved it, either by separating the searches or if you want to keep it as a postprocess you could change your search to this:

var searchCount1 = new PostProcessManager({
         id: "search-count24h",
         managerid: "search-consoleError",
         search: '| chart count(eval(_time>relative_time(now(),"-24h")))'
     });
0 Karma
Reply

guilmxm
Influencer
‎08-11-2014 10:00 AM

Hi, I haven't played with JavaScript syntax to call searches within the Web framework, but i've done a lot of views using django stanza, perhaps should you give a try
Creating a searchmanager in django is much easier and short than JS

0 Karma
Reply
Get Updates on the Splunk Community!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...