Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the Time picker not working on search/dashboard?

michaelnorup
Communicator
‎08-29-2023 02:51 AM

Hi.

i have a search a show a graphchart for 14 months. If i change the timepicker it still shows 14 months for some reason. As you can see  in the picture, the time picker says 30 days, but the graph still shows 14 months. What gives?

michaelnorup_0-1693302534910.png

Also, is there a way to display a trendline on the graph? If i use the | trendline sma10(Cores) or the like, it changes the graph instead of just showing a linear line

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:29 AM

Hi @michaelnorup,

using loadjob, you display the results of an already executed search, so the Time Picker hasn't any effect on it, you can use the Time Picker on searches, not on loadjob.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:29 AM

Hi @michaelnorup,

using loadjob, you display the results of an already executed search, so the Time Picker hasn't any effect on it, you can use the Time Picker on searches, not on loadjob.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

michaelnorup
Communicator
‎08-29-2023 03:37 AM

Hi Giuseppe.

Thanks makes sense, thanks alot.

Do you have any idea about the trendline then? 🙂

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:45 AM

Hi @michaelnorup,

about the trendline, if you havedata to create the trendline in the results of the loadjob , you could elaborate them.

I cannot see tem because, after a timechart you don't have other fields, see, removing the timeachart, which fields you have, so you could modify your search.

If you would help, please share your search in text mode (using the Insert/Edit Code Sample button), not as a screenshot, eventually with a masked part, to avoid to re-write all the search.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

michaelnorup
Communicator
‎08-29-2023 03:49 AM

Hi 

This is the loadjob:

| savedsearch "Server - XXXXXX" | fillnull value=- | search SerialNumber!=VMware* | eval ServerName = host | eval ServerName = upper(ServerName) | eval Virtual="N/A" | eval PowerState="PoweredOn" | append [| savedsearch "Server - Vmware info" | eval CPU_Arch = "x86_64" | eval Cores = CpuCount | eval DiskGB = ProvisionedSpaceGB | eval Virtual="VMware"] | table _time Date Customer ServerName Cores MemoryGB DiskGB CPU_Arch PowerState Virtual Landscape SID System Instance | fillnull value=- | eval Date=strftime(_time, "%x") | dedup ServerName,Date

Can you use that? ^^
Thanks

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-29-2023 03:58 AM

Hi @michaelnorup,

sorry I forgot the main question: which trend do you want to display?

In other words, with the previous search you have the used number of cores, what do you want to add to the graph?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

michaelnorup
Communicator
‎08-29-2023 04:06 AM

Would love to add a trend line for the amount of cores. So its easier to see if its trending up or down (And maybe even a forecast?)

0 Karma
Reply
Get Updates on the Splunk Community!

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...