I need to create a Dashboard with below columns  from below event data.   I couldn't able to get "Status" column value which is combination of  eventData{}.StatusCount{}.status and eventData{}.StatusCount{}.count Thanks in advance!!!   Dashboard five columns  and  expected values:       Date : "2021-10-14", eventKey: "event.request", ReceivedCount: 10, ProcessedCount: 10, MismatchCount: 0, Status :  DOCUMENT_REQUEST_RECEIVED:10 DOCUMENT_SUCCESS:10 DOCUMENT_NOTIFY_SUCCESS:10     "eventData": [ { "Date": "2021-10-14", "eventKey": "event.request", "ReceivedCount": 10, "ProcessedCount": 10, "MismatchCount": 0, "StatusCount": [ { "status": "DOCUMENT_REQUEST_RECEIVED", "count": 10 }, { "status": "DOCUMENT_SUCCESS", "count": 10 }, { "status": "DOCUMENT_NOTIFY_SUCCESS", "count": 10 } ] } ]

Hi, Inspired from this post: https://community.splunk.com/t5/Dashboards-Visualizations/How-can-i-re-use-Java-scripts-form-one-table-to-another-tables/m-p/414861 I modifed my Javascript to add a lense icon in two tables. Same fieldname "Metrics" same icon "lupe.png" but 2 different tables. With Splunk 8.1 it's working without any error. After the upgrade to 8.2.9 I get now this error message by accessing the App but the lens icons are still shown in both tables. The output from the developer console: TypeError: Cannot read property 'getVisualization' of undefined at eval (eval at <anonymous> ... table_lupe.js   require([ 'underscore', 'jquery', 'splunkjs/mvc', 'splunkjs/mvc/tableview', 'splunkjs/mvc/simplexml/ready!' ], function(_, $, mvc, TableView) { var CustomIconRenderer1 = TableView.BaseCellRenderer.extend({ canRender: function(cell) { return cell.field === 'Metrics'; }, render: function($td, cell) { var icon = 'lupe'; // Create the icon element and add it to the table cell $td.addClass('icon').html(_.template('<div class="myicon <%- icon%>"></div>', { icon: icon, })); } }); var CustomIconRenderer2 = TableView.BaseCellRenderer.extend({ canRender: function(cell) { return cell.field === 'Metrics'; }, render: function($td, cell) { var icon = 'lupe'; // Create the icon element and add it to the table cell $td.addClass('icon').html(_.template('<div class="myicon <%- icon%>"></div>', { icon: icon, })); } }); mvc.Components.get('lupe1').getVisualization(function(tableView1){ // Register custom cell renderer, the table will re-render automatically tableView1.addCellRenderer(new CustomIconRenderer1()); }); mvc.Components.get('lupe2').getVisualization(function(tableView2){ // Register custom cell renderer, the table will re-render automatically tableView2.addCellRenderer(new CustomIconRenderer2()); }); });     table_lupe.css   /* Custom Icons */ td.icon { text-align: center; } td.icon .lupe { background-image: url('lupe.png') !important; background-size:20px 20px; } td.icon .myicon { width: 20px; height: 20px; margin-left: auto; margin-right: auto }     Maybe some one can help me find whats the problem. Thank you.  

I get strange errors when searching messages by old dates. If I put a search for more than two hours, I immediately get the following errors: 2 errors occurred while the search was executing. Therefore, search results might be incomplete. 'stats' command: limit for values of field 'Time' reached. Some values may have been truncated or ignored. 'stats' command: limit for values of field 'messageType' reached. Some values may have been truncated or ignored. From four days: 4 errors occurred while the search was executing. Therefore, search results might be incomplete.  'stats' command: limit for values of field 'Time' reached. Some values may have been truncated or ignored. 'stats' command: limit for values of field 'eventTime' reached. Some values may have been truncated or ignored. 'stats' command: limit for values of field 'messageId' reached. Some values may have been truncated or ignored. 'stats' command: limit for values of field 'messageType' reached. Some values may have been truncated or ignored. One of my requests: index="external_system" messageType="RABIS-HeartBeat" | eval timeValue='eventTime' | eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S") | sort -_time | eval timeValue='eventTime' | eval time=strptime(timeValue,"%Y-%m-%dT%H:%M:%S") | eval Time=strftime(_time,"%Y-%m-%dT%H:%M:%S") | stats list(Time) as Time list(eventTime) as EventTime list(messageType) as MessageType list(messageId) as Messag11eId by messageType   Message example: curl --location --request POST 'http://mon.pd.dev.sis.org:8088/services/collector/raw' --header 'Authorization: Splunk 02-93-48-9-27' --header 'Content-Type: text/plain' --data-raw '{ "messageType": "HeartBeat", "eventTime": "2022-11-14T13:34:15", "messageId": "ED280816-E404-444A-A2D9-FFD2D171F9999" }' Can you please tell me how to solve these problems?  

Hi peeps, Need help to do some query. Basically I'm trying to group some of field value in the 'Category' field into new fields call 'newCategory'. Below are the sample of data: The newCategory field will have the new count for each of the new field value (such as Anonymizers, Gambling, Malicious Site). Please help.  Thank you.  

Hi there, I used to have a couple of alerts which worked using a crons expression from Monday to Saturday (*/15 7-19 * * 1-) and another for Sunday (*/15 10-15 * * 0). The requirements changed so I needed the Saturday and Sunday alert timings to be the same. I used (*/15 10-15 * * 6-7) but that didn't that didn't trigger an alert. I tried */15 10-15 * * SAT-SUN but it doesn't accept that format.   Can you help me with a crons expression for Saturday and Sunday?