Hello Splunkers!!
I am facing an issue while running the search below, as you can see in the screenshot. Can anyone help me fix this issue?
search query :
| makeresults
| addinfo
| e...
Hi, I'm using loadjob savedsearch because my query is big and it takes time to load. I have some multi-select filters and I want to add an input time range filter. (| loadjob savedsearch="mp:search:...
Hi all
I would like to include the start and end date of my search in the email subject. For example, 'The results from 2022-11-01 to 2022-11-11'. I tried the email tokens $job.earliestTime$ a...
Hi all,
I'm new to Dashboard Studio and I'm running into an issue. I have two dates in my dataset: a created_date and a closed_date. I want to count all created_date that lies in the specified time...
I have a requirement to build a dashboard, when selected between through date and time range suppose 8/16/2023 17:00:00 and 8/16/2023 18:00:00. And want to show results for these dates a...
I want to write a Splunk query which will run over the same time window but on a different date selected in the datetime picker. For example, let's say I select 8th Aug 10am to 8th August 10:15am ran...
Hi, I want to store earliest and latest times of my search in variables to use them in further operations.
But I am unable to do so. I am trying like below.
| makeresults | eval jobEarliestTi...
index=my_index source="/var/log/nginx/access.log"
| stats avg(request_time) as Average_Request_Time
| where Average_Request_Time >1
I have this query set up as an alert if my web ...
...ropdown as per requirement. Now wondering how to use it in rest of the dashboard so dashboard will get updated as per selection. Query
| makeresults
| addinfo
| eval date=mvrange(info_min_time,i...
...earch, however it doesn't return any events:
foo| timechart count span=1h
| where strftime(_time, "%A %H")==strftime(latest,"%A %H")
I tried using addinfo, but to no avail:
foo
| addinfo...