Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the Time picker not working on search/dashboard?

michaelnorup
Communicator
‎08-29-2023 02:51 AM

Hi.

i have a search a show a graphchart for 14 months. If i change the timepicker it still shows 14 months for some reason. As you can see  in the picture, the time picker says 30 days, but the graph still shows 14 months. What gives?

michaelnorup_0-1693302534910.png

Also, is there a way to display a trendline on the graph? If i use the | trendline sma10(Cores) or the like, it changes the graph instead of just showing a linear line

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:29 AM

Hi @michaelnorup,

using loadjob, you display the results of an already executed search, so the Time Picker hasn't any effect on it, you can use the Time Picker on searches, not on loadjob.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:29 AM

Hi @michaelnorup,

using loadjob, you display the results of an already executed search, so the Time Picker hasn't any effect on it, you can use the Time Picker on searches, not on loadjob.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

michaelnorup
Communicator
‎08-29-2023 03:37 AM

Hi Giuseppe.

Thanks makes sense, thanks alot.

Do you have any idea about the trendline then? 🙂

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:45 AM

Hi @michaelnorup,

about the trendline, if you havedata to create the trendline in the results of the loadjob , you could elaborate them.

I cannot see tem because, after a timechart you don't have other fields, see, removing the timeachart, which fields you have, so you could modify your search.

If you would help, please share your search in text mode (using the Insert/Edit Code Sample button), not as a screenshot, eventually with a masked part, to avoid to re-write all the search.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

michaelnorup
Communicator
‎08-29-2023 03:49 AM

Hi 

This is the loadjob:

| savedsearch "Server - XXXXXX" | fillnull value=- | search SerialNumber!=VMware* | eval ServerName = host | eval ServerName = upper(ServerName) | eval Virtual="N/A" | eval PowerState="PoweredOn" | append [| savedsearch "Server - Vmware info" | eval CPU_Arch = "x86_64" | eval Cores = CpuCount | eval DiskGB = ProvisionedSpaceGB | eval Virtual="VMware"] | table _time Date Customer ServerName Cores MemoryGB DiskGB CPU_Arch PowerState Virtual Landscape SID System Instance | fillnull value=- | eval Date=strftime(_time, "%x") | dedup ServerName,Date

Can you use that? ^^
Thanks

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:58 AM

Hi @michaelnorup,

sorry I forgot the main question: which trend do you want to display?

In other words, with the previous search you have the used number of cores, what do you want to add to the graph?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

michaelnorup
Communicator
‎08-29-2023 04:06 AM

Would love to add a trend line for the amount of cores. So its easier to see if its trending up or down (And maybe even a forecast?)

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...