Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Query runs ok in dashboard but not in "New Search"

hamilton1979
Engager
‎03-31-2019 10:54 PM

Hi all,

I receive the following error when I try to run my query as a "New Search". The query runs fine without issue in my dashboard!

Error in 'eval' command: The expression is malformed. Expected ).

I've copied my query in below, replacing what could be deemed sensitive data with XXXXX.

index=XXXXXX sourcetype="XXXXXXXXX" uri_path = "/XXX/portal/screen/AjaxScreen/action/GetXXXXXX*" | bin _time span=10m | eval resp_time = mvindex(split(other," "),0) | eval resp_time_sec = (resp_time/1000000) | convert ctime(_time) as Time timeformat="%d%m %H"| stats perc50(resp_time_sec) as median_resp by _time | eval Critical = if(median_resp>4,median_resp,0) | eval Warning = if(median_resp>2.5 AND median_resp<=4 ,median_resp,0) | eval OK = if(median_resp<=2.5,median_resp,0) | table _time,Critical,Warning,OK

Could someone help shed some light why the behavior is different in the dashboard vs. Search?

Tags (1)
0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎04-01-2019 06:01 AM

@hamilton1979

Can you please share sample Panel code from your dashboard XML?

0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...