Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can we use if else case condition in case of NaN, so that I can use now() in case of NaN?

dkssingh2005
Explorer
‎05-02-2022 12:50 PM

while searching through all time  in filter  drop down, i am getting NaN value for "$tokLatest$", I don't know why its coming. For others like- week to date, month to date its coming fine. Only issue  is coming for All time.

 

I don't know why its coming. Below is the code snippets. Any solution for this???????

How  can we use if else case condition in case of NaN.  so that I can use now() in case of NaN. Any solution?????????

<search>
<query> |makeresults
</query>
<earliest>$timepicker.earliest$</earliest>
<latest>$timepicker.latest$</latest>
<progress>
<eval token="tokEarliest">strptime($job.earliestTime$,"%Y-%m-%dT%H:%M:%S.%3N%z")</eval>
<eval token="tokLatest">strptime($job.latestTime$,"%Y-%m-%dT%H:%M:%S.%3N%z")</eval>
<eval token="tokEarliest1">strftime(relative_time(tokEarliest,"-330m"),"%Y-%m-%d %H:%M:%S.%3N")</eval>
<eval token="tokEarliest1">strftime(relative_time(tokLatest,"-330m"),"%Y-%m-%d %H:%M:%S.%3N")</eval>
</progress>
</search>
<description>draft event ingestion rate by wfm at day or hour level</description>
<fieldset submitButton="true" autoRun="false">
<input type="time" token="timepicker" searchWhenChanged="false">
<label>Time Range</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>

</fieldset>

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-03-2022 01:08 AM

Try these changes

<eval token="tokLatest">if(isnull($job.latestTime$),now(),strptime($job.latestTime$,"%Y-%m-%dT%H:%M:%S.%3N%z")</eval>
<eval token="tokEarliest1">strftime(relative_time($tokEarliest$,"-330m"),"%Y-%m-%d %H:%M:%S.%3N")</eval>
<eval token="tokLatest1">strftime(relative_time($tokLatest$,"-330m"),"%Y-%m-%d %H:%M:%S.%3N")</eval>

View solution in original post

Reply
Solved! Jump to solution

dkssingh2005
Explorer
‎05-03-2022 02:24 AM

@ITWhisperer , Thanks for your's solution

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-03-2022 01:08 AM

Try these changes

<eval token="tokLatest">if(isnull($job.latestTime$),now(),strptime($job.latestTime$,"%Y-%m-%dT%H:%M:%S.%3N%z")</eval>
<eval token="tokEarliest1">strftime(relative_time($tokEarliest$,"-330m"),"%Y-%m-%d %H:%M:%S.%3N")</eval>
<eval token="tokLatest1">strftime(relative_time($tokLatest$,"-330m"),"%Y-%m-%d %H:%M:%S.%3N")</eval>
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...