Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Get single value panel to display a "date"

mjm295
Path Finder
‎09-19-2017 11:12 PM

Hi

I have search for a dashboard which produces a graph and does predictions, I want to display the date when we expect a certain threshold to be crossed. I have added some smarts to the search so it now ends with

| eval DATE=if('high(future)' > "3.9", _time, null()) | search DATE!=null() | head 1 | fields _time

This gives me the date I require but in a stats table. How can I display it bigger such as a single value panel?

Thanks
Mark

0 Karma
Reply

cmerriman
Super Champion
‎09-20-2017 04:44 AM

just doing this and putting it as a single values panel should work: | eval DATE=if('high(future)' > "3.9", strftime(_time, "%Y %m %d"), null())|where isnotnull(DATE)|head 1|fields DATE or you can use |table DATE and put it in an html panel with <h2> node for a header possibly to make it larger print.

Reply

mjm295
Path Finder
‎09-19-2017 11:14 PM

| eval DATE=if('high(future)' > "3.9", _time, null()) | search DATE!=null() | head 1 | fields _time | eval mytime=strftime(_time, "%Y %m %d") | table mytime

That worked - any better options?

0 Karma
Reply

lfedak_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 12:55 PM

Hey @mjm295, if @cmerriman's solution worked then please don't forget to accept her answer to award karma points and close the question. 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...