Solved: How to create a data summary panel containing the ...

nidet · ‎03-24-2015

I want to make a panel that contains the host and the date of the last update, such as shown in the link. I used this, but I cannot place the date at the end in results.
host, count (sparkline), last update

host="*" | stats sparkline count by host

https://www.dropbox.com/s/kk4xpbdv290r1jj/splunk.JPG?dl=0

martin_mueller · ‎03-24-2015

Use latest(_time) as "Last Update" in your stats.

nidet · ‎03-25-2015

Hi, Martin
Thanks for you answer is good. but i have large numbers in last update: 1427301579

host="*" | stats sparkline count latest(_time) as "Last Update" by host

would have to add another command or have an idea that I can investigate to solve the number?

Thanks, Martin

martin_mueller · ‎03-25-2015

That's an epoch timestamp which needs to be formatted for displaying to humans.

fdi01 · ‎03-25-2015

TRY LIKE THIS:
host="*" | stats sparkline count latest(_time) as "Last Update" by host| fieldformat "Last Update"=strftime('Last Update', "%c")

View solution in original post

How to create a data summary panel containing the host and the date of its last update?

Re: How to create a data summary panel containing the host and the date of its last update?

Re: How to create a data summary panel containing the host and the date of its last update?

Re: How to create a data summary panel containing the host and the date of its last update?

Re: How to create a data summary panel containing the host and the date of its last update?