Currently using Dashboard classic and added Markdown Text to the bottom of my pie chart to inform the user when the data was last update. Is there a way in the Markdown Text to format job.lastUpdated? It is currently showing in Zulu.
I was also thinking of putting it in the description field, if possible.
Hi @Wooly
If its for a dashboard studio dashboard then you can use an additional search to convert the time format back to unix timestamp and then to whatever friendly time format you like, such as:
Here is the JSON for the dashboard for you to play with:
{
"title": "SetLastUpdatedTime",
"description": "",
"inputs": {},
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
}
}
},
"visualizations": {
"global": {
"showProgressBar": true
}
}
},
"visualizations": {
"viz_MRGXRquA": {
"options": {
"fontColor": "#0000ff",
"markdown": "Last Updated: **$PieSearchLastUpdated:result.friendlyTime$**"
},
"type": "splunk.markdown"
},
"viz_z5OzyBTT": {
"dataSources": {
"primary": "ds_ZBRBhP7a"
},
"options": {},
"type": "splunk.pie"
}
},
"dataSources": {
"ds_LYYZ83TP": {
"name": "PieSearchLastUpdated",
"options": {
"enableSmartSources": true,
"query": "| makeresults \n| eval _time=\"$PieSearch:job.lastUpdated$\", unixTimeStamp=strptime(_time, \"%Y-%m-%dT%H:%M:%S.%QZ\"), friendlyTime=strftime(unixTimeStamp,\"%d/%m/%Y %H:%M:%S\")"
},
"type": "ds.search"
},
"ds_ZBRBhP7a": {
"name": "PieSearch",
"options": {
"enableSmartSources": true,
"query": "| tstats count where index=_internal earliest=-12h latest=now by host"
},
"type": "ds.search"
}
},
"layout": {
"globalInputs": [],
"layoutDefinitions": {
"layout_1": {
"options": {
"display": "auto",
"height": 960,
"width": 1440
},
"structure": [
{
"item": "viz_z5OzyBTT",
"position": {
"h": 300,
"w": 400,
"x": 10,
"y": 0
},
"type": "block"
},
{
"item": "viz_MRGXRquA",
"position": {
"h": 30,
"w": 250,
"x": 160,
"y": 270
},
"type": "block"
}
],
"type": "absolute"
}
},
"options": {},
"tabs": {
"items": [
{
"label": "New tab",
"layoutId": "layout_1"
}
]
}
}
}🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
Hi @Wooly
If its for a dashboard studio dashboard then you can use an additional search to convert the time format back to unix timestamp and then to whatever friendly time format you like, such as:
Here is the JSON for the dashboard for you to play with:
{
"title": "SetLastUpdatedTime",
"description": "",
"inputs": {},
"defaults": {
"dataSources": {
"ds.search": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
}
}
}
},
"visualizations": {
"global": {
"showProgressBar": true
}
}
},
"visualizations": {
"viz_MRGXRquA": {
"options": {
"fontColor": "#0000ff",
"markdown": "Last Updated: **$PieSearchLastUpdated:result.friendlyTime$**"
},
"type": "splunk.markdown"
},
"viz_z5OzyBTT": {
"dataSources": {
"primary": "ds_ZBRBhP7a"
},
"options": {},
"type": "splunk.pie"
}
},
"dataSources": {
"ds_LYYZ83TP": {
"name": "PieSearchLastUpdated",
"options": {
"enableSmartSources": true,
"query": "| makeresults \n| eval _time=\"$PieSearch:job.lastUpdated$\", unixTimeStamp=strptime(_time, \"%Y-%m-%dT%H:%M:%S.%QZ\"), friendlyTime=strftime(unixTimeStamp,\"%d/%m/%Y %H:%M:%S\")"
},
"type": "ds.search"
},
"ds_ZBRBhP7a": {
"name": "PieSearch",
"options": {
"enableSmartSources": true,
"query": "| tstats count where index=_internal earliest=-12h latest=now by host"
},
"type": "ds.search"
}
},
"layout": {
"globalInputs": [],
"layoutDefinitions": {
"layout_1": {
"options": {
"display": "auto",
"height": 960,
"width": 1440
},
"structure": [
{
"item": "viz_z5OzyBTT",
"position": {
"h": 300,
"w": 400,
"x": 10,
"y": 0
},
"type": "block"
},
{
"item": "viz_MRGXRquA",
"position": {
"h": 30,
"w": 250,
"x": 160,
"y": 270
},
"type": "block"
}
],
"type": "absolute"
}
},
"options": {},
"tabs": {
"items": [
{
"label": "New tab",
"layoutId": "layout_1"
}
]
}
}
}🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
Any thoughts why it is showing in GMT? It is currently 4 hours ahead, I am EST.
"ds_LYYZ83TP": {
"name": "LastUpdatedAuthByResults",
"options": {
"enableSmartSources": true,
"query": "| makeresults | eval _time=\"$AuthorizationsBySource:job.lastUpdated$\", unixTimeStamp=strptime(_time, \"%Y-%m-%dT%H:%M:%S.%QZ\"), friendlyTime=strftime(unixTimeStamp,\"%Y-%m-%d %H:%M:%S\")"
},
"type": "ds.search"
},My user preferences have my Time Zone as (GMT-400) Eastern Time (US & Canada)
My current time is 19:18:01
