Hello everyone!
I'm trying to build a Dashboard from a db connected to a Splunk server thanks to dbconnect.
From my query, I don't get events, but only a table from my db.
I would like to create a timechart using a column of my table as time. This column is a UNIX (epoch) time.
So I tried a lot of ways, like:
myquery | eval _time=strftime(my_unix_time_column,"%Y-%m-%d %H:%M:%S")| timechart count by another_column
And I don't get what I want 😞
I guess I have a problem when I convert my unix time.
Do you have any idea?
Thank you!
Gaspard