How to get previous date values in the dashboard t...

sekhar463 · ‎06-01-2023

i have data in the event with date field

and while saving the same search in the dashboard studio table its giving previous date values

not giving exact values as event data

index=test sourcetype="test Data*"
| sort -time
| dedup TABLE_NAME
| table TABLE_NAME MAX_POSITION_DATE MAX_DMA_RUN_DATETIME

TABLE_NAME MAX_POSITION_DATE MAX_DMA_RUN_DATETIME
5858585 L 2023-06-01 00:00:00.000 2023-06-01 06:48:12.225
46466464 2023-05-31 00:00:00.000 2023-06-01 03:02:58.000

ITWhisperer · ‎06-01-2023

Assuming your time field is a numeric timestamp, the sort will put the events in descending time order i.e. latest first. The dedup will keep the first event in the pipeline for each table name.

Without seeing the exact data you are dealing with, it is not possible to say whether the values you are showing are correct or not, but given the above assumptions, if you are not getting the data you are expecting, you should look closer at your actual data to determine where the discrepancy may have arisen from.

How to get previous date values in the dashboard table apart from event data?

data

sourcetype

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation