Hi @sb01splunk, I tried using your second code, but the value of token "ProjectName" as all_projects  It does not take the query results in the dropdown.  Can you please suggest how to resolve it? Thank you Taruchit ... View more

Hi @dyapasrikanth  I wish this can be done better, however date_hour i understood its not being extracted by Splunk from _time but actually its from original event FYI. About default fields (host, source, sourcetype, and more) - Splunk Documentation Following should work, extracted hour from _time. you would find events upto 17:59 as time_hour = 17,  you need to further change this condition using time_min   index=abc "userId:" | eval time_hour=strftime(_time, "%H") , time_min=strftime(_time, "%M") | where time_hour >=9 AND time_hour<=17 | rex field=message "userId: (?<customerId>.*)" | timechart span=1h dc(customerId) as "Unique customer count"   --- An upvote would be appreciated if it helps! ... View more

Somehow the field "Total" is missing. Did you add the eventstats to  the search ? Can you share your search ? ... View more

I got it finally with mvzip & mvexpand, not sure it is a best solution   | rex field=message max_match=0 "(?<category>\w+):\s(?<amount>\d*\.?\d*)" | eval temp = mvzip(category,amount, "#") | mvexpand temp | rex field=temp "(?<category>.+)#(?<amount>.+)" | eval category=case( category="category1", "Category 1", category="category2", "Category 2", category="category3", "Category 3") | chart sum(amount) as Amount by userType, category | addtotals        ... View more

splunk default pdf export has this problem where the alignment and data panels get disrupted  if  the visualization looks good and you want the same to be exported in the pdf you can try  the smart pdf exporter in splunk app    https://splunkbase.splunk.com/app/4030/ ... View more

Your dropdown code seems incorrect per your query. For displaying data to dropdown, you've configured following:- <fieldForLabel>Environment</fieldForLabel> <fieldForValue>env_name</fieldForValue> Values of both attribute points to a field in the search result (search result field specified in fieldForLabel will be shown as labels in dropdown and field specified in fieldForValue will be used as value for corresponding label). You search query has just env_name and count as field, so fieldForLabel is wrong here. Try this <fieldForLabel>env_name</fieldForLabel> <fieldForValue>env_name</fieldForValue> ... View more

If your problem is resolved, please accept an answer to help future readers. ... View more

@dyapasrikanth - Did the answer provided by niketnilay help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks! ... View more