adding fields to a simpleResultsTable?

dlovett · ‎12-11-2012

This should be a simple search to find the age of unresolved help desk tickets. I'm new to splunk thus there may be a better way to to this. I simply want to display the results in a simpleResultsTable on a dashboard using advanced XML except I can't get "myField" to show up in a SimpleResultsTable. Any thoughts?

<module name="HiddenSearch" layoutPanel="panel_row2_col2" group="Oldest Unsolved Tickets" autoRun="True">

<param name="search">sourcetype=Remedy_Tickets | transaction ID CreateDate | where eventcount=1 AND QueryType="CREATED" | eval myField=round((now - CreateDate)/60/60/24, 1) | sort CreateDate</param>

<param name="earliest">-7d@d</param>

<param name="latest">@d</param>

<module name="SimpleResultsTable">

<param name="fields">_time ID Group myField</param>

</module>

</module>

dlovett · ‎12-11-2012

Actually, this appears to give the results I'm looking for:

sourcetype=Remedy_Tickets | transaction ID CreateDate | where eventcount=1 AND QueryType="CREATED" | eval dur=round((now() - CreateDate)/60/60/24, 1) | stats values(ID) as ID, values(Group) as Group, values(dur) as Days | sort CreateDate

adding fields to a simpleResultsTable?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

adding fields to a simpleResultsTable?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits