Hi Everyone, I have one query like this which is showing the count of the Failed jobs in a single value like shown below: <panel> <title>Count of Jobs Failed</title> <single> <search> <query>in...
See more...
Hi Everyone, I have one query like this which is showing the count of the Failed jobs in a single value like shown below: <panel> <title>Count of Jobs Failed</title> <single> <search> <query>index=abc source="/splunkLogs/JOB_MDJX_CS_STATS_PLATINUM.csv"| eval fields=split(_raw,",") |eval Environment=mvindex(fields,11)|eval JOBFLOW_ID=mvindex(fields,0) |eval JOB_EXEC_TIME=mvindex(fields,8)|eval RunDate=mvindex(fields,3)|eval JOB_STATUS=mvindex(fields,5)|where Environment="E3"|where JOBFLOW_ID LIKE "%%"|eval RunDate="20".mvindex(fields,3)|eval Run_Date=strptime(RunDate,"%Y%m%d") |fieldformat Run_Date=strftime(Run_Date,"%d/%b/%Y")|where JOB_STATUS=="FAILED"|stats COUNT</query> <earliest>-2d@d</earliest> <latest>now</latest> <sampleRatio>1</sampleRatio> </search> <option name="colorBy">value</option> <option name="colorMode">none</option> <option name="drilldown">all</option> <option name="numberPrecision">0</option> <option name="rangeColors">["0x53a051", "0x0877a6", "0xf8be34", "0xf1813f", "0xdc4e41"]</option> <option name="rangeValues">[0,30,70,100]</option> <option name="refresh.display">progressbar</option> <option name="showSparkline">1</option> <option name="showTrendIndicator">1</option> <option name="trellis.enabled">0</option> <option name="trellis.scales.shared">1</option> <option name="trellis.size">medium</option> <option name="trendColorInterpretation">standard</option> <option name="trendDisplayMode">absolute</option> <option name="unitPosition">after</option> <option name="useColors">0</option> <option name="useThousandSeparators">1</option> <drilldown> <set token="show_panel">true</set> <set token="selected_value">$click.value$</set> </drilldown> </single> I am getting the single value as 2 which are the Failed Job I want when I should Click on 2 it should show me the details of the two failed Jobs. I have tried like this but not working. Can someone guide me on this: <panel depends="$show_panel$"> <table> <title>Failed RID Details</title> <search> <query>index=abc source="/splunkLogs/JOB_MDJX_CS_STATS_PLATINUM.csv"| eval fields=split(_raw,",") |eval Environment=mvindex(fields,11)|eval JOBFLOW_ID=mvindex(fields,0) |eval JOB_EXEC_TIME=mvindex(fields,8)|eval RunDate=mvindex(fields,3)|eval JOB_STATUS=mvindex(fields,5)|where Environment="E3"|where JOBFLOW_ID LIKE "%%"|eval RunDate="20".mvindex(fields,3)|eval Run_Date=strptime(RunDate,"%Y%m%d") |fieldformat Run_Date=strftime(Run_Date,"%d/%b/%Y")|where JOB_STATUS=="FAILED" $selected_value$ </query> <earliest>-2d@d</earliest> <latest>now</latest> </search> <option name="count">100</option> </table> </panel> Can someone guide me on this.