Dashboards & Visualizations

How do I create a Dashboard that shows earliest and oldest values?

gmasca
Explorer

Hi,

I am new to Splunk and I am trying the following, but I can't find how.

I need to create a dashboard showing the results of pooling on a value from multiple devices.

I like to show in the same line device, earliest result, and oldest result.

I can make the list of results and merge them into one line per device, but not separate the earliest and oldest results in columns

Example:
Data from the pooling
host1, value 1, time: 1/12/2018 11:00
host2, value 2, time: 1/12/2018 11:00
host1, value 3, time: 1/12/2018 11:05
host2, value 4, time: 1/12/2018 11:05

Dashboard:
host / earlist / oldest
host1 / 3 / 1
host2 / 4 / 2

Any help is much appreciated.
Thank you,

0 Karma
1 Solution

whrg
Motivator

Hi!
Try this:

basesearch | stats earliest(value) as earliest latest(value) as oldest by host

View solution in original post

0 Karma

whrg
Motivator

Hi!
Try this:

basesearch | stats earliest(value) as earliest latest(value) as oldest by host
0 Karma

gmasca
Explorer

Thanks! It worked.

Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...