Get single value panel to display a "date"

mjm295 · ‎09-19-2017

Hi

I have search for a dashboard which produces a graph and does predictions, I want to display the date when we expect a certain threshold to be crossed. I have added some smarts to the search so it now ends with

| eval DATE=if('high(future)' > "3.9", _time, null()) | search DATE!=null() | head 1 | fields _time

This gives me the date I require but in a stats table. How can I display it bigger such as a single value panel?

Thanks
Mark

cmerriman · ‎09-20-2017

just doing this and putting it as a single values panel should work: | eval DATE=if('high(future)' > "3.9", strftime(_time, "%Y %m %d"), null())|where isnotnull(DATE)|head 1|fields DATE or you can use |table DATE and put it in an html panel with <h2> node for a header possibly to make it larger print.

mjm295 · ‎09-19-2017

That worked - any better options?

lfedak_splunk · ‎09-20-2017

Hey @mjm295, if @cmerriman's solution worked then please don't forget to accept her answer to award karma points and close the question. 🙂

Get single value panel to display a "date"

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!