Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Invalid value Drilldown error
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Invalid value Drilldown error
ssingh313
Path Finder
08-03-2016
08:25 AM
I have a table on my dashboard which contains values that link to the actual data log on splunk. I am trying to open the data logs within the dashboard and I am using the drilldown code below but I keep on getting an "Invalid value "1468323531.846-1" for time term 'earliest' " error. Below is the code I'm using. Anyone know how I can fix this?
<drilldown>
<set token="tok_ShowEvents">true</set>
<set token="e">$click.value$-1</set>
<set token="l">$click.value$+1</set>
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query> index=windoesapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | eval x="$tok_ShowEvents$" | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)" </query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
08-08-2016
07:19 AM
Try to calculate the token value in your search using eval command and relative_time function instead to calculate the "-1d" in the token.
... | eval tok_e=relative_time(_time,"-d") | ...
After pass the value to the token and then hide the field with the <fields> option.
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2016
05:41 PM
Give this a try for your first table's drilldown
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
06:10 PM
do I add this to the code or change the drilldown code that I have?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2016
06:30 PM
Replace yours with this one (for drilldown only)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
06:40 PM
It gives me a "Search is waiting for input" error message.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2016
07:08 PM
Just to be sure, your code looks like this now?
<form>
<label>Genesys Search Test</label>
<fieldset submitButton="false" autoRun="true">
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default></default>
</input>
</fieldset>
<row>
<panel>
<title>Genesys Server</title>
<table>
<title>Avaya Tserver</title>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver "$tok_ID$" | rex"(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex"AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex"AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex"AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex"AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"|rex"AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"|rex"AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"|table_time EventName AttributeConnID AttributeANI AttributeDNIS AttributeCallType AttributeCallUUID AttributeUserData| where isnotnull(AttributeANI)</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"</query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-05-2016
10:25 AM
my code looks like this but I still get a "Search is waiting for input... " error. Is there another method to test this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-05-2016
11:47 AM
There is a textbox, do you have a default value set for that? I copied the code from one of your code and the * gets truncated sometime in comments. So check that and assign a default value to your <input type="text" token="tok_ID"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-05-2016
12:25 PM
That textbox is used to search specific attributes in the table so there isn't a defaultt value for that. I want the logs to be able to be displayed once you click on that attribute regardless of there be something in the search box or not. is that possible?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-05-2016
12:32 PM
To facilitate that only we need to set some default value to the text box. It can either be some spaces OR best *. So Splunk will load the table on dashboard load and filter the data when the value is changed in the text box.
Try this first for your input text
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default> </default>
</input>
If it doesn't work, then try this
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default>*</default>
</input>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-05-2016
12:47 PM
It tried both and it still gives me the same error
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-05-2016
12:49 PM
Can you provide your dashboard xml with second option (default value as *)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-08-2016
07:25 AM
This is what the XML code looks like, it is currently displaying all the logs in the server when I click on a specific attribute instead of just that log is there a way to fix that.
<form>
<label>Genesys Search Test</label>
<fieldset submitButton="false" autoRun="true">
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default>*</default>
</input>
</fieldset>
<row>
<panel>
<title>Genesys Server</title>
<table>
<title>Avaya Tserver</title>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver "$tok_ID$" | rex"(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex"AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex"AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex"AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex"AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"|rex"AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"|rex"AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"|table_time EventName AttributeConnID AttributeANI AttributeDNIS AttributeCallType AttributeCallUUID AttributeUserData| where isnotnull(AttributeANI)</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"</query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-08-2016
07:07 AM
Here is the XML code so far, right now it opens the data logs but it shows all the data logs when I click on a specific attribute instead of just that one. is there a way to fix that?
<form>
<label>Genesys Search Test</label>
<fieldset submitButton="false" autoRun="true">
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default>*</default>
</input>
</fieldset>
<row>
<panel>
<title>Genesys Server</title>
<table>
<title>Avaya Tserver</title>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver "$tok_ID$" | rex"(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex"AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex"AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex"AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex"AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"|rex"AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"|rex"AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"|table_time EventName AttributeConnID AttributeANI AttributeDNIS AttributeCallType AttributeCallUUID AttributeUserData| where isnotnull(AttributeANI)</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"</query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
08-03-2016
08:35 AM
Try this
<drilldown>
<set token="tok_ShowEvents">true</set>
<eval token="e">relative_time($click.value$, "-1s")</eval>
<eval token="l">relavitve_time($click.value$, "+1s")</eval>
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query> index=windoesapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | eval x="$tok_ShowEvents$" | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)" </query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
08:44 AM
this is still giving me the same error Invalid value "1468323531.847-1" for time term 'earliest'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
02:49 PM
If there us another way let me know
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
08-03-2016
03:14 PM
Do you have any other place where you're doing a $earliest$-1? It appears the change did not take effect.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
04:06 PM
I have earliest and latest as part of another query within the code.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
08-03-2016
04:09 PM
are you subtracting 1 from earliest and/or latest in that query? Try removing the two eval elements from your code and see if the error goes away.
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!
Tech Talk Recap | Mastering Threat Hunting
Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...
Observability for AI Applications: Troubleshooting Latency
If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
