Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DB Query dumps a table. How do I search only on the most recent table snapshot?

ocallender
Explorer
‎02-11-2014 12:00 PM

Hi folks,
This might be elementary, but here goes:

I have a Database input that grabs all open tickets from our helpdesk system. This runs every 5 minutes. So I end up with a nice index of table snapshots and I can create nice timecharts with span=5m showing how metrics change (every 5 minutes).

But what if I wanted to visualise a pie chart showing currently open vs on-hold tickets? All of that data would come from the last data dump that was done. The quick and dirty solution i found was to set the tme reange as 5 minute window. That way, the chart updates each time a data dump is done and ignores the data from teh last dump because it happened more than 5 minutes ago.

I guess this works, but if I change the pooling interval to 10 minutes, I'd have to change the time window to match the polling rate in all of my dashboards. I can't help thinking that there is a better way.

Regards,
Okolo

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎02-11-2014 12:27 PM

This should give you the latest status value for tickets:

index=your_index status="open" OR status="on_hold" | stats latest(status) as status by ticket_number | ...

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

araitz
Splunk Employee
Splunk Employee
‎02-11-2014 12:27 PM

This should give you the latest status value for tickets:

index=your_index status="open" OR status="on_hold" | stats latest(status) as status by ticket_number | ...
0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...