Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Invalid value Drilldown error
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Invalid value Drilldown error
ssingh313
Path Finder
08-03-2016
08:25 AM
I have a table on my dashboard which contains values that link to the actual data log on splunk. I am trying to open the data logs within the dashboard and I am using the drilldown code below but I keep on getting an "Invalid value "1468323531.846-1" for time term 'earliest' " error. Below is the code I'm using. Anyone know how I can fix this?
<drilldown>
<set token="tok_ShowEvents">true</set>
<set token="e">$click.value$-1</set>
<set token="l">$click.value$+1</set>
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query> index=windoesapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | eval x="$tok_ShowEvents$" | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)" </query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
08-08-2016
07:19 AM
Try to calculate the token value in your search using eval command and relative_time function instead to calculate the "-1d" in the token.
... | eval tok_e=relative_time(_time,"-d") | ...
After pass the value to the token and then hide the field with the <fields> option.
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2016
05:41 PM
Give this a try for your first table's drilldown
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
06:10 PM
do I add this to the code or change the drilldown code that I have?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2016
06:30 PM
Replace yours with this one (for drilldown only)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
06:40 PM
It gives me a "Search is waiting for input" error message.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2016
07:08 PM
Just to be sure, your code looks like this now?
<form>
<label>Genesys Search Test</label>
<fieldset submitButton="false" autoRun="true">
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default></default>
</input>
</fieldset>
<row>
<panel>
<title>Genesys Server</title>
<table>
<title>Avaya Tserver</title>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver "$tok_ID$" | rex"(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex"AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex"AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex"AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex"AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"|rex"AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"|rex"AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"|table_time EventName AttributeConnID AttributeANI AttributeDNIS AttributeCallType AttributeCallUUID AttributeUserData| where isnotnull(AttributeANI)</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"</query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-05-2016
10:25 AM
my code looks like this but I still get a "Search is waiting for input... " error. Is there another method to test this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-05-2016
11:47 AM
There is a textbox, do you have a default value set for that? I copied the code from one of your code and the * gets truncated sometime in comments. So check that and assign a default value to your <input type="text" token="tok_ID"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-05-2016
12:25 PM
That textbox is used to search specific attributes in the table so there isn't a defaultt value for that. I want the logs to be able to be displayed once you click on that attribute regardless of there be something in the search box or not. is that possible?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-05-2016
12:32 PM
To facilitate that only we need to set some default value to the text box. It can either be some spaces OR best *. So Splunk will load the table on dashboard load and filter the data when the value is changed in the text box.
Try this first for your input text
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default> </default>
</input>
If it doesn't work, then try this
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default>*</default>
</input>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-05-2016
12:47 PM
It tried both and it still gives me the same error
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-05-2016
12:49 PM
Can you provide your dashboard xml with second option (default value as *)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-08-2016
07:25 AM
This is what the XML code looks like, it is currently displaying all the logs in the server when I click on a specific attribute instead of just that log is there a way to fix that.
<form>
<label>Genesys Search Test</label>
<fieldset submitButton="false" autoRun="true">
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default>*</default>
</input>
</fieldset>
<row>
<panel>
<title>Genesys Server</title>
<table>
<title>Avaya Tserver</title>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver "$tok_ID$" | rex"(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex"AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex"AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex"AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex"AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"|rex"AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"|rex"AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"|table_time EventName AttributeConnID AttributeANI AttributeDNIS AttributeCallType AttributeCallUUID AttributeUserData| where isnotnull(AttributeANI)</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"</query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-08-2016
07:07 AM
Here is the XML code so far, right now it opens the data logs but it shows all the data logs when I click on a specific attribute instead of just that one. is there a way to fix that?
<form>
<label>Genesys Search Test</label>
<fieldset submitButton="false" autoRun="true">
<input type="text" token="tok_ID" searchWhenChanged="true">
<label>ConnID/CallUUID</label>
<default>*</default>
</input>
</fieldset>
<row>
<panel>
<title>Genesys Server</title>
<table>
<title>Avaya Tserver</title>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver "$tok_ID$" | rex"(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex"AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex"AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex"AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex"AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"|rex"AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"|rex"AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"|table_time EventName AttributeConnID AttributeANI AttributeDNIS AttributeCallType AttributeCallUUID AttributeUserData| where isnotnull(AttributeANI)</query>
<earliest>-30d@d</earliest>
<latest>now</latest>
</search>
<drilldown>
<condition>
<set token="tok_ShowEvents">true</set>
<eval token="e">$click.value$-1</eval >
<eval token="l">$click.value$+1</eval >
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</condition>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query>index=windowsapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)"</query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
08-03-2016
08:35 AM
Try this
<drilldown>
<set token="tok_ShowEvents">true</set>
<eval token="e">relative_time($click.value$, "-1s")</eval>
<eval token="l">relavitve_time($click.value$, "+1s")</eval>
<set token="AttributeConnID">$row.AttributeConnID$</set>
<set token="AttributeANI">$row.AttributeANI$</set>
<set token="AttributeCallType">$row.AttributeCallType$</set>
<set token="AttributeDNIS">$row.AttributeDNIS$</set>
<set token="AttributeCallUUID">$row.AttributeCallUUID$</set>
</drilldown>
<option name="wrap">undefined</option>
<option name="rowNumbers">undefined</option>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">bubble</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="count">10</option>
</table>
</panel>
</row>
<row>
<panel depends="$tok_ShowEvents$">
<event>
<search>
<query> index=windoesapps sourcetype=Genesys_AvayaTserver earliest=$e$ latest=$l$ | eval x="$tok_ShowEvents$" | rex "(Trc|Adjusted|distribute_event|distribute_user_event|send_to_client|distribute_response):?\s\w+\s(?<EventName>\w+)"| rex "AttributeConnID'?\s'?(?<AttributeConnID>[^\t\n\r]+)"| rex "AttributeANI'?\s'?(?<AttributeANI>[^\t\n\r]+)"| rex "AttributeDNIS'?\s'?(?<AttributeDNIS>[^\t\n]+)"| rex "AttributeCallType'?\s'?(?<AttributeCallType>[^\t\n]+)"| rex "AttributeCallUUID'?\s'?(?<AttributeCallUUID>[^\t\n]+)"| rex "AttributeUserData'?\s'?(?<AttributeUserData>[^\t\n]+)" </query>
<earliest></earliest>
<latest></latest>
</search>
</event>
</panel>
</row>
</form>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
08:44 AM
this is still giving me the same error Invalid value "1468323531.847-1" for time term 'earliest'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
02:49 PM
If there us another way let me know
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
08-03-2016
03:14 PM
Do you have any other place where you're doing a $earliest$-1? It appears the change did not take effect.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ssingh313
Path Finder
08-03-2016
04:06 PM
I have earliest and latest as part of another query within the code.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
08-03-2016
04:09 PM
are you subtracting 1 from earliest and/or latest in that query? Try removing the two eval elements from your code and see if the error goes away.
Get Updates on the Splunk Community!
Developer Spotlight with Paul Stout
Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...
State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...
For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...
Data-Driven Success: Splunk & Financial Services
Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...
