hi
I use the search below and I filter the data with 2 token
| inputlookup tablet_host.csv
| lookup PanaBatteryStatus.csv "Hostname00" as host OUTPUT BatteryTemp00 BatteryModel00 CycleCount00 HealthState00 LastRecalibration00 ManufactureDate00 DesignCapacity00
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| stats values(SITE) as SITE values(BatteryModel00) as BatteryModel values(CycleCount00) as CycleCount values(HealthState00) as HealthState values(LastRecalibration00) as LastRecalibration values(ManufactureDate00) as ManufactureDate values(DesignCapacity00) as DesignCapacity by host
| search CycleCount=$tok_cycle$
| search HealthState=$tok_health$
| sort +host
I have an issue with | search HealthState=$tok_health$
By default, the filter value is : <85
The filter works but in the result I also have events where healthstate = 100,00 or more!
conversely, when I m doing >85 I have no events where value is 100,00 or more!
what is the problem please??
Looks like your healthstate field is interpreted as a string. Try inserting an | eval HealthState=tonumber(HealthState)
between the stats and the search commands.
Looks like your healthstate field is interpreted as a string. Try inserting an | eval HealthState=tonumber(HealthState)
between the stats and the search commands.
I Have no results when i add the code :
stats values(SITE) as SITE values(BatteryModel00) as BatteryModel values(CycleCount00) as CycleCount values(HealthState00) as HealthState values(LastRecalibration00) as LastRecalibration values(ManufactureDate00) as ManufactureDate values(DesignCapacity00) as DesignCapacity by host
| eval HealthState=tonumber(HealthState)
| search CycleCount$tok_cycle$
| search HealthState$tok_health$
| sort +host
Ah, my bad, the issue is with the comma instead of . as decimal separator. Try it like this:
| eval HealthState=tonumber(replace(HealthState,",","."))
i cant accept your answer I dont know why??
I converted the relevant comment to an answer, you should be able to accept that now 🙂
perfect!! thanks
Dear @jip31,
Are you trying to pass value as mentioned below.
| search CycleCount=<85
| search HealthState=<85
OR
| search CycleCount=>85
| search HealthState=>85
Can you try something like this
| search CycleCount<=85
| search HealthState<=85
OR
| search CycleCount>=85
| search HealthState>=85
Thanks,
Shankarananth
Sorry I have spoken too fast
no encoded issue but I have an error ith OR : operator is missing a clause on the right hand side
but if I only do :
| search CycleCount<=85
| search HealthState<=85
I have always events > 85!
Dear @jip31,
It's ok no problem..
Is below code are the one you're expecting to achieve..
Kindly provide the screen-shot of error, your getting while adding the below code to your query.
| search CycleCount<=85
| search HealthState<=85
In What manner you're going to pass the token value eg 85 or >85 or <85 or !85.
Thanks..
Ihave no error with this code shankarananth but I have the same problem : even if I m doing > 85 I have events =100 or more...
@ jip3,
Is above mentioned code latest one ..
can you display the complete code one more time ..
Thanks..
Here is the xml
<form>
<label>Hardware Monitoring - Battery details</label>
<fieldset submitButton="true">
<input type="text" token="tok_cycle" searchWhenChanged="true">
<label>CycleCount</label>
<default>> 200</default>
<initialValue>*</initialValue>
</input>
<input type="text" token="tok_health" searchWhenChanged="true">
<label>HealthState</label>
<default>< 85</default>
<initialValue>*</initialValue>
</input>
</fieldset>
<row>
<panel>
<table>
<search>
<query>| inputlookup tablet_host.csv
| lookup PanaBatteryStatus.csv "Hostname00" as host OUTPUT BatteryTemp00 BatteryModel00 CycleCount00 HealthState00 LastRecalibration00 ManufactureDate00 DesignCapacity00
| lookup lookup_cmdb_fo_all.csv HOSTNAME as host output SITE
| stats values(SITE) as SITE values(BatteryModel00) as BatteryModel values(CycleCount00) as CycleCount values(HealthState00) as HealthState values(LastRecalibration00) as LastRecalibration values(ManufactureDate00) as ManufactureDate values(DesignCapacity00) as DesignCapacity by host
| search CycleCount$tok_cycle$
| search HealthState$tok_health$
| sort +host</query>
<earliest>0</earliest>
<latest></latest>
</search>
<option name="count">10</option>
<option name="drilldown">row</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
Can you share a screenshot as well?
hi
when I do this I have an "encoded" issue with > or <
Hi,
I think you should take below point into consideration about command. Might be this could help you in some extent.
Specify the number of results to return from the sorted results. If no count is specified, the default limit of 10000 is used. If 0 is specified, all results are returned.
Thanks
try wrapping your token in tonumber function like
| eval health = tonumber($tok_health|s$)
hi
I have an issue : Error in 'eval' command: The arguments to the 'tonumber' function are invalid.
Yeah, that of course doesn't work when you include the < operator in the token value.