Need to populate recent time value at the column l...

arunrajamani · ‎11-19-2019

Hello Experts,

We had created splunk dashboard for monitoring automation tests which is triggered at Jenkins. Below is the dashboard view which we created and kindly help here in getting the time field to show latest value in the left and currently it was showing oldest value in the left.

Kindly help here in sharing your valuable inputs.

Cheers,
Arun

to4kawa · ‎12-10-2019

| makeresults count=2
| streamstats count
| eval _time = if (count==2,relative_time(_time,"-2d@m"), relative_time(_time,"@m"))
| makecontinuous span=1m
| eval steps="step".(random() % 7 + 1)
| bin span=3h _time
| timechart limit=0 count by steps
| eval step=strftime(_time,"%Y-%m-%dT%H:%M:%SZ") 
| table step*
| reverse
| transpose 0 header_field=step column_name=steps

Hi folks,
try reverse

niketn · ‎11-20-2019

@arunrajamani can you please refer to one of my older Answer on similar lines
https://answers.splunk.com/answers/724720/how-can-i-change-from-descendant-to-ascendant-in-t.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

arunrajamani · ‎11-20-2019

Hello nike,

Thanks for your reply.
I tried this but not working.
I need a solution with respect to chart command only so that my view shouldn't change.

Kindly help!!

arunrajamani · ‎11-19-2019

Steps 19/11-15:00 19/11-21:00 20/11-09:00 20/11-12:00
Step1 P P P F
Step2 P P P S
Step3 P P P S
Step4 P P P S
Step5 P P P S
Step6 P P P S
Step7 P P P P

arunrajamani · ‎11-20-2019

Hello Miller,

I tried reverse command aswell but not worked. Kindly help me some other way using the chart command

rmmiller · ‎11-20-2019

Does the reverse command help you accomplish this?

arunrajamani · ‎11-19-2019

Query used:

Below is the query used to generate this dashboard.

index=splunk
|spath
|rename triggered-at as StartTime
|spath path=scenarioData{}
| mvexpand scenarioData{}
| spath input=scenarioData{}

|rename environment as Environment, "business scenario" as BusinessScenario,steps{}.fullName as Steps,steps{}.status as Status steps{}.steptime as StepTime steps{}.stepduration as Duration evidenceURL as Evidence

|eval string1=mvzip(Steps,Status,"sep_")
|mvexpand string1
|rex field=string1 "(?.)sep_"
|rex field=string1 "sep_(?.)"

|eval Status = if('Status'="passed","P",if('Status'="failed","F",if('Status'="Pass","P",if('Status'="Fail","F",if('Status'="Skipped","S",if('Status'="skipped","S",'Status'))))))
|eval epoche=strptime(StartTime,"%Y-%m-%dT%H:%M:%SZ")
|eval c_time=strftime(epoche,"%d/%m-%H:00")
| search Environment="sit" AND BusinessScenario="BusinessScenario1" AND application="" AND type=""
| table Steps Status c_time StepTime Duration Evidence
| chart values(Status) by Steps,c_time

Need to populate recent time value at the column left and oldest time towards right using chart command

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Are you a member of the Splunk Community?

Need to populate recent time value at the column left and oldest time towards right using chart command

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...