added by goin to manage apps, edit properties, add file from UI. file will go to appserver/static folder ... View more

i added exactly your code to my local splunk. But i am getting 404 not found error. @kamlesh_vaghela      ... View more

Did you get answer for this? i am having similar problem ... View more

Did you get answer to this? ... View more

what i need is, date range values should be displayed on the browser with the filter itself. now what is happening is, if you want to see the date range that you have selected, then you need to click on the filter box otherwise it wont show you the date range values you selected. I want selected date range values should be displayed in the filter panel so that i do not need to click on date filter button to see the selected date range. I hope you understood my question ... View more

in title, it is coming in epoch time format, how to change it to human readable format? OR is it possible to show below/beside the date range filter only? i do not want to add as a panel ... View more

Thanks for the code, but i copy pasted exactly same thing, but it is not working for me. still data label values are overlapping. Moreover, i do not want to permanently hide the Data Label for first Legend Series i.e. count1 or Data Label for second Legend Series i.e. count2. What i want is when i move over my mouse pointer on legend count1 then data label values for count2 legend should go invisible and and when i move over my mouse pointer on legend count2 then data label values for count1 legend should go invisible ... View more

is it possible to show data label values only for the selected particular legend and not for all? Current values of charting.chart.showDataLabels is all, min/max and none. can we use any token to show only data label values for only selected legend and how? ... View more

or is it possible to show data label values only for the selected particular legend and not for all? Current values of charting.chart.showDataLabels is all, min/max and none. can we use any token to show only data label values for only selected legend and how? ... View more

attached is the issue snap shot, please check ... View more

Hi, I did the same thing for summary indexing as you mentioned above, but i am getting the count value double the original value. Any idea how is this happening? Thanks in advance. ... View more

index=abc sourcetype=xyz "Assignment group"!="Assignment group" (Priority="1 - Critical" OR Priority="2 - High" OR Priority="3 - Moderate" OR Priority="4 - Low") | table Number "Assignment group" State Priority _time Updated Opened Categorization |dedup Number |search "Assignment group"!=xyz123 AND (Categorization="Correction" OR Categorization="Incident") | eval Opened1=strptime(Opened, "%Y-%m-%d") |eval Opened2=strftime(Opened1, "%Y-%m-%d")|eval week=strftime(relative_time(Opened1,"@w5+7d"),"%Y-%m-%d") | eval week2=strftime(relative_time(Opened1,"@w5"),"%Y-%m-%d") | eval week=if(Opened2=week2, week2,week) |stats count(eval(State!="Cancelled")) as New, count(eval(State!="Closed" AND State!="Resolved" AND State!="Cancelled")) as New2 by week | streamstats current=t sum(New2) as Active |fields - New2 | tail 20|sort week | append [search index=abc sourcetype=xyz "Assignment group"!="Assignment group" (Priority="1 - Critical" OR Priority="2 - High" OR Priority="3 - Moderate" OR Priority="4 - Low") | table Number "Assignment group" State Priority _time Updated Opened Resolved Categorization| search Resolved=* | search State!="Cancelled" | dedup Number| search "Assignment group"!=xyz123 AND (Categorization="Correction" OR Categorization="Incident")| eval Resolved1=strptime(Resolved, "%Y-%m-%d") |eval Resolved2=strftime(Resolved1, "%Y-%m-%d")|eval week=strftime(relative_time(Resolved1,"@w5+7d"),"%Y-%m-%d") | eval week2=strftime(relative_time(Resolved1,"@w5"),"%Y-%m-%d") | eval week=if(Resolved2=week2, week2,week)| stats count as Closed by week | tail 20 | sort week ] | stats first(*) as * by week ... View more

Below is the query i have used, here the Active count is not showing the required count. Basically Active count should be the number of open tickets(not resolved) till that week. But when i check in the graph for Active count till last month first week, the active count is 0, because i am checking the latest status. And when i check now those tickets are resolved, but i want to see the number of tickets which were open till that week. How to check the Active count of tickets till that particular week? ... View more

Currently i have below query, but the Active field will not give required count because if i check the count of Active on first week of last month, obviously it will show zero because i am checking today and i know some of the tickets are open on that week of the month. My question is how to calculate this? I am finding difficulty in calculating active count. Active should be the count of open tickets(not resolved) till that week. WE have resolved date column also index=abc sourcetype=xyz "Assignment group"!="Assignment group" (Priority="1 - Critical" OR Priority="2 - High" OR Priority="3 - Moderate" OR Priority="4 - Low") | table Number "Assignment group" State Priority _time Updated Opened Categorization |dedup Number |search "Assignment group"!=*xyz123* AND (Categorization="Correction" OR Categorization="Incident") | eval Opened1=strptime(Opened, "%Y-%m-%d") |eval Opened2=strftime(Opened1, "%Y-%m-%d")|eval week=strftime(relative_time(Opened1,"@w5+7d"),"%Y-%m-%d") | eval week2=strftime(relative_time(Opened1,"@w5"),"%Y-%m-%d") | eval week=if(Opened2=week2, week2,week) |stats count(eval(State!="Cancelled")) as New, count(eval(State!="Closed" AND State!="Resolved" AND State!="Cancelled")) as New2 by week | streamstats current=t sum(New2) as Active |fields - New2 | tail 20|sort week | append [search index=abc sourcetype=xyz "Assignment group"!="Assignment group" (Priority="1 - Critical" OR Priority="2 - High" OR Priority="3 - Moderate" OR Priority="4 - Low") | table Number "Assignment group" State Priority _time Updated Opened Resolved Categorization| search Resolved=* | search State!="Cancelled" | dedup Number| search "Assignment group"!=*xyz123* AND (Categorization="Correction" OR Categorization="Incident")| eval Resolved1=strptime(Resolved, "%Y-%m-%d") |eval Resolved2=strftime(Resolved1, "%Y-%m-%d")|eval week=strftime(relative_time(Resolved1,"@w5+7d"),"%Y-%m-%d") | eval week2=strftime(relative_time(Resolved1,"@w5"),"%Y-%m-%d") | eval week=if(Resolved2=week2, week2,week)| stats count as Closed by week | tail 20 | sort week ] | stats first(*) as * by week ... View more

certain field value like State="Active", i can get the open tickets but i am finding difficulty to find tickets raised from every last saturday to this friday. ... View more

this wont give me the weekly data as i wanted and i wanted it in a dashboard panel. see for example, today is friday, so for today(may 5) it should show the count of open tickets raised from last saturday(april 29) till today. Similarly, for april 28(last friday), the count should show the number of open tickets raised from april 22nd to april 28. ... View more

see for example, today is friday, so for today(may 5) it should show the count of open tickets raised from last saturday(april 29) till today. Similarly, for april 28, the count should show the number of open tickets raised from april 22nd to april 28. ... View more