Solved: How do I create a Dashboard that shows earliest an...

gmasca · ‎12-04-2018

Hi,

I am new to Splunk and I am trying the following, but I can't find how.

I need to create a dashboard showing the results of pooling on a value from multiple devices.

I like to show in the same line device, earliest result, and oldest result.

I can make the list of results and merge them into one line per device, but not separate the earliest and oldest results in columns

Example:
Data from the pooling
host1, value 1, time: 1/12/2018 11:00
host2, value 2, time: 1/12/2018 11:00
host1, value 3, time: 1/12/2018 11:05
host2, value 4, time: 1/12/2018 11:05

Dashboard:
host / earlist / oldest
host1 / 3 / 1
host2 / 4 / 2

Any help is much appreciated.
Thank you,

whrg · ‎12-04-2018

Hi!
Try this:

basesearch | stats earliest(value) as earliest latest(value) as oldest by host

View solution in original post

whrg · ‎12-04-2018

Hi!
Try this:

basesearch | stats earliest(value) as earliest latest(value) as oldest by host

gmasca · ‎12-04-2018

Thanks! It worked.

How do I create a Dashboard that shows earliest and oldest values?

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk