Dashboards & Visualizations

PARSER: Applying intentions failed Unable to drilldown because of post-reporting 'filnull' command

anandhim
Path Finder

Hi,

We are using simple xml dashoboard and recently a user received this error while clicking on one of the charts. I have not been able to reproduce it, but wondering if anybody has seen this error with fillnull command ?

The search string is

  <searchString>

index=XYZ sourcetype=iis_access_log host=pop3web* OR host=popiweb* cm=PROD | eval time_taken=time_taken/1000 | timechart avg(time_taken) by host useother=f limit=100 | fillnull value=0

Tags (1)
1 Solution

dart
Splunk Employee
Splunk Employee

It's the post reporting nature of the command that is doing this. Can you rework the search to have the fillnull before like so index=XYZ sourcetype=iis_access_log host=pop3web OR host=popiweb cm=PROD | eval time_taken=time_taken/1000 | fillnull value=0 time_taken | timechart avg(time_taken) by host useother=f limit=100 and does that work?

View solution in original post

dart
Splunk Employee
Splunk Employee

It's the post reporting nature of the command that is doing this. Can you rework the search to have the fillnull before like so index=XYZ sourcetype=iis_access_log host=pop3web OR host=popiweb cm=PROD | eval time_taken=time_taken/1000 | fillnull value=0 time_taken | timechart avg(time_taken) by host useother=f limit=100 and does that work?

dart
Splunk Employee
Splunk Employee

You could override the default drilldown with dynamic drilldown

anandhim
Path Finder

Unfortunately, we are still on 4.3.4 and will take us time to eval and then upgrade to version 5. I was curious to find the reason when this kind of error would occur so I can reproduce and resolve it.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...