Solved: Re: How to create a data summary panel containing ...

nidet · ‎03-24-2015

I want to make a panel that contains the host and the date of the last update, such as shown in the link. I used this, but I cannot place the date at the end in results.
host, count (sparkline), last update

host="*" | stats sparkline count by host

https://www.dropbox.com/s/kk4xpbdv290r1jj/splunk.JPG?dl=0

fdi01 · ‎03-25-2015

TRY LIKE THIS:
host="*" | stats sparkline count latest(_time) as "Last Update" by host| fieldformat "Last Update"=strftime('Last Update', "%c")

View solution in original post

fdi01 · ‎03-25-2015

TRY LIKE THIS:
host="*" | stats sparkline count latest(_time) as "Last Update" by host| fieldformat "Last Update"=strftime('Last Update', "%c")

martin_mueller · ‎03-24-2015

Use latest(_time) as "Last Update" in your stats.

martin_mueller · ‎03-25-2015

That's an epoch timestamp which needs to be formatted for displaying to humans.

nidet · ‎03-25-2015

Hi, Martin
Thanks for you answer is good. but i have large numbers in last update: 1427301579

host="*" | stats sparkline count latest(_time) as "Last Update" by host

would have to add another command or have an idea that I can investigate to solve the number?

Thanks, Martin

How to create a data summary panel containing the host and the date of its last update?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!