Solved: Search with Pipe and Token Values only

simpkins1958 · ‎12-11-2017

I would like to populate a single value chart with calculation from tokens and nothing from a search. This works but would like to remove the index=nmi_main | head 1 which is not working.

        <search>
          <query>index=nmi_main | head 1 
               | eval totalMinutes=$totalSessionsToken$ * $minutesSavedValueToken$
               | table totalMinutes
          </query>
        </search>

DalJeanis · ‎12-11-2017

Use the | makeresults command as the generating command. That makes a single result event (with options for more) which has current _time and not a whole lot else.

https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Makeresults

View solution in original post

DalJeanis · ‎12-11-2017

Use the | makeresults command as the generating command. That makes a single result event (with options for more) which has current _time and not a whole lot else.

https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/SearchReference/Makeresults

Search with Pipe and Token Values only

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

Search with Pipe and Token Values only

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability