Dashboards & Visualizations

Time Picker and Submit on Dashboard

louispaul76
Engager

Hello Everyone,

I'm trying to create a dashboard for my pair critical devices. I'm not sure what is wrong with my code or if it is the token. When I click on submit, I'm getting the error: Search is waiting for input.
See below my query:

(| inputlookup critical_devices.csv
| eval SplunkHost=lower(SplunkHost)
| join SplunkHost type=outer
[| metadata index=my indexes type=hosts
| rename totalCount as Count, host as SplunkHost, lastTime as "Last Event"
| eval actualhourslag=(now()-'Last Event')/60/60
| eval SplunkHost=lower(SplunkHost)]
| fieldformat "Last Event"=strftime('Last Event', "%c")
| where actualhourslag>HoursLag OR NOT actualhourslag="*"
| stats sum(Count) by SplunkHost
| rename sum(Count) as total

| lookup critical_devices.csv SplunkHost OUTPUT PairGroup
| search PairGroup!=""
| stats count() by PairGroup
| rename count(total) as DevicesPerPairNotResponding)

Any help would be really appreciated.

Best,

Louispaul

Tags (2)
0 Karma

Vijeta
Influencer

@louispaul76 where are you using the token , can you write the query or tag where the token is being used.

0 Karma

tscroggins
Influencer

Can you provide more context? The search contains no tokens, and as written, the search will fail with an unbalanced parentheses parsing error.

0 Karma

louispaul76
Engager

Here is the beginning of the search:

Critical Pair Devices

<input type="time" token="chosentime">
  <label></label>
  <default>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </default>
</input>


<panel>
  <title>Pairs by time</title>
  <table>
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

&#x1f342; Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...