Hi everyone,
Pretty new to Splunk and would really appreciate your insight on my current project. Currently creating a dashboard where I want to use a timepicker to change the values in my charts depending on the time period selected by the user via the Date Range - Between.
Currently experiencing problems formatting my _time value to include DATE and eventHour together. Below is my search query and search result for reference.
Thank you in advance.
index=mainframe-platform sourcetype="mainframe:cecmaverage" EXPRSSN = D7X0
| dedup DATE EXPRSSN MIPS
| eval DATE=strftime(strptime(DATE,"%d%b%Y"),"%Y-%m-%d")
| eval HOUR=if (isnull(HOUR),"0",HOUR) | eval eventHour=substr("0".HOUR,-2,2).":00:00"
| eval _time=strptime(DATE." ".eventHour,"%Y-%m-%d %H:%M:%S")
| table DATE eventHour _time EXPRSSN MIPS
Yes it worked for the statistics table version. Would also be able to help me applying this for the time picker version (please see screenshots for reference). I was unable to use the same search query. Did I use the wrong token (timerange) by any chance when using it for earliest and latest?
@elomotanpru I was able to get it to work on my system, your Where statement looks strange, what are you trying to accomplish.
-Marco
Sorry for the delayed response. When I tried using the same query with the timepicker, the results was that it could not be found but my other query that uses a Text Input was able to return the desired data minus the DateTime format.
I thought that I needed to add the where clause for it to work because of that result. I check for the dates between February 1 2022 to March 1, 2022.
