Splunk Search

How to Add time in the Dashboard

exchanger
Path Finder

Hello,

I have a query (e.g. "....... " | stats count, avg(...)) and after that I get as result
OwnColumn Count AVG
XYZ                 20           40

As another column I would like to have the time of my request (last week, last 24 hours), depending on what I selected. And that in readable time.
Now I found the following command to show me the time.
| addinfo
| convert ctime(*)
| eval reportDate=info_min_time." to ".info_max_time
| table reportDate
| rex field=reportDate "(?<FirstPart>.*\d+:\d+:\d+).*\s+to\s+(?<SecondPart>.*\d+:\d+:\d+)"
| eval reportDate=FirstPart." to ".SecondPart
| fields reportDate

I customized it the query : "fields OwnColumn, reportDate, count, AVG..." so I can see my queries in the dashboard.
So requested would be
OwnColumn reportDate                                                                               count         AVG
XXX                 02/21/2021 00:00:00 to 02/28/2021 00:00:00      20                40
However, I either get only the reportDate and all the others remain empty or it converts the data from the other queries also into a date, so that 43 (which was for example in count) then also becomes a date. How do I change the query to get what I want?

 

Labels (2)
0 Karma
1 Solution

manjunathmeti
SplunkTrust
SplunkTrust

hi @exchanger,

Function ctime(*) converts all field values. Change it to ctime(info_*_time).

| addinfo
| convert ctime(info_*_time) timeformat="%m/%d/%Y %H:%M:%S"
| eval reportDate=info_min_time." to ".info_max_time
| fields OwnColumn, reportDate, count, AVG

 

If this reply helps you, an upvote/like would be appreciated.

 

View solution in original post

manjunathmeti
SplunkTrust
SplunkTrust

hi @exchanger,

Function ctime(*) converts all field values. Change it to ctime(info_*_time).

| addinfo
| convert ctime(info_*_time) timeformat="%m/%d/%Y %H:%M:%S"
| eval reportDate=info_min_time." to ".info_max_time
| fields OwnColumn, reportDate, count, AVG

 

If this reply helps you, an upvote/like would be appreciated.

 

Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...