Use of >1 annotation using >1 epoch for earliest a...

Splunk Search

I am using the search type annotation to add annotations to my panels via simple XML.

This is an example of the simple XML i use to add a single annotation for a specific epoch period to a single panel:

Example of XML:

        <search type="annotation">
          <query>index="my_index_pr" source="my_source_pr" 

          | timechart sum(my_number)  as "my_summed_number"

| eval annotation_label = "Update: Something important"
| eval annotation_category = label</query>
          <earliest>1537142400</earliest>
          <latest>1537228800</latest>
        </search>

This works fine, until i want to add >1 annotation to a single panel.

Duplicating the XML and replacing the earliest and latest with the additional epoch timestamps, does not work.

The warning in Splunk is "Duplicate search type annotation is not allowed"

How can i add >1 annotation using multiple epoch timestamps to a single panel?

Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...