Hello, I need your help for something. I want to get a dropdown via using a result from a search with using js.     I want the dropdown to take the search result: index=_internal |stats count by source |table source   Thank you so much     ... View more

  Hello, I have a problem with the dropdown menu limit which displays a maximum of 1000 values. I need to display a list of 22000 values ​​and I don't know how to do it. Thank you so much    ... View more

Hello,   I'm having problems using roles. I use this search, which gives me results via the admin role. [search index="idx_arv_ach_cas_traces" source="*orange_ach_cas_traces_ac_20*" nom_prenom_manager="*" nom_prenom_rdg="*" cuid="*" ttv="*" (LibEDO="*") (LibEDO="*MAROC ANNULATION FIBRE INTERNET" OR LibEDO="*MAROC CTC ET PROSPECT" OR LibEDO="*MAROC CTC HOME" OR LibEDO="*MAROC HORS-PROD" OR LibEDO="*MAROC N1 ACH" OR LibEDO="*MAROC N2 ACH GESTION" OR LibEDO="*MAROC N2 ACH RECLAMATION" OR LibEDO="*MAROC N2 ACH RECOUVREMENT" OR LibEDO="*MAROC RECOUVREMENT SOSH" OR LibEDO="*MAROC GESTION MS") ((lib_origine="Appel Reco" OR "Appel Sortant" OR "BO Récla Recouv" OR "Correspondance Entrante" OR "Correspondance Sortante" OR "Courrier Ent Fidé" OR "Etask") OR (lib_motif="Contact Flash" OR "Contact non tracé" OR "Traiter une demande en N2" OR "Verbatim urgent") OR (lib_resultat="Client Pro" OR "Contact Flash" OR "Contact non tracé")) AND (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") | eventstats sum(total) as "Nbre_de_tracages" by lib_origine | top "Nbre_de_tracages" lib_origine | sort - "Nbre_de_tracages" | head 5 | streamstats count as row_number | search row_number=1 | return lib_origine] nom_prenom_manager="*" nom_prenom_rdg="*" cuid="*" ttv="*" (LibEDO="*") (LibEDO="*MAROC ANNULATION FIBRE INTERNET" OR LibEDO="*MAROC CTC ET PROSPECT" OR LibEDO="*MAROC CTC HOME" OR LibEDO="*MAROC HORS-PROD" OR LibEDO="*MAROC N1 ACH" OR LibEDO="*MAROC N2 ACH GESTION" OR LibEDO="*MAROC N2 ACH RECLAMATION" OR LibEDO="*MAROC N2 ACH RECOUVREMENT" OR LibEDO="*MAROC RECOUVREMENT SOSH" OR LibEDO="*MAROC GESTION MS") ((lib_origine="Appel Reco" OR "Appel Sortant" OR "BO Récla Recouv" OR "Correspondance Entrante" OR "Correspondance Sortante" OR "Courrier Ent Fidé" OR "Etask") OR (lib_motif="Contact Flash" OR "Contact non tracé" OR "Traiter une demande en N2" OR "Verbatim urgent") OR (lib_resultat="Client Pro" OR "Contact Flash" OR "Contact non tracé")) AND (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") | stats sum(total) as "nb_tracages" by cuid lib_origine | sort -nb_tracages | head 5 When I use another role, the first part of the search works, but not the second. The search on : nom_prenom_manager="*" , ... doesn't give any results, whereas with the admin role, it does. I can't modify the query because I don't have rights to it, but I have to play with the roles. I'd like to point out that the manager_last_name field is obtained via an automatic lookup. But there's no problem with specific rights for the admin role. I've tried everything, but I can't find a solution, please have an idea.   ... View more

Hello, I need your help with a field extraction. I have this type of data, and I'd like to extract the following fields with a rex command:   The syntax is as follows :  ("data": ["from" : "2024-04-25T11: 30Z", "to": "2024-04-2512:00Z", "intensity": ("forecast": 152, "actual": null, "index": "moderate"}), ("from": "2024-04-25T12:002", "intensity": {"forecast": 152, "actual": null, "index": "moderate"}), ("from": "2024-04-25T12:30Z", "to": {"from": "2024-04-25T13:00Z", "to": "2024-04-25T12: 30Z", ("forecast": 164, "actual": null, "2024-04-2513: 30Z", "intensity": ("forecast": 154, "to": "2024-04-25T13: 002", "intensity": ("forecast": 154, "actual": null, "index": "actual": null, "index": "moderate"}), ("from": "2024-04-25T13:30Z*, "to": "2024-04-25T14:002", "moderate"}}, "intensity"： 04-25T14: 30Z", "to" : "index": "moderate"3}, ("from": "2024-04-25T14:002*, "to": "2024-04-25T14:30Z", "intensity": ("forecast": 166, "actual": null, "index": "moderate"}), ("from": " 2024-04-25T15:00Z" "actual": nu11, "index" "intensity": {"forecast": 170, "actual": null, "index": "moderate"}), {"from": "2024-04-2515: 00Z", 2024- "to" : "moderate"}), {"from": "2024-04-25T15:30Z", "to": "2024-04-25T16:00Z", "intensity": ("forecast": 175, "to": "2024-04-25T15: 30Z", "intensity": {"forecast": 172, "2024-04-25T16: 30Z", "index": "moderate"}}, ("from": "2024-04-25T17:00Z", "to": "intensity": ("forecast": 177, "actual": null, "index": "moderate"?), ("from": "2024-04-2516: 302", "actual" : nu11, "index" "moderate"}}, ("from": "2024-04-2516: 00Z", "to": "2024-04-25T17:002", "intensity": ("forecast": 179, "actual": null, 2024-04-2517: 30Z", "intensity": ("forecast": 181, "actual": null, 25T18:00Z", "intensity": ("forecast": 184, "index": "moderate"}}, {"from": "2024-04-25T17: 30Z", "actual": null, "index": "moderate"}), ("from": "2024-04-25T18:002", "to": "2024-04-25T18: 30Z", "to": "2024-04- "moderate"}}, ("from": "2024-04-2518: 30Z", "to": "2024-04-25T19:002", "intensity": ("forecast": 187, "actual": null, "intensity": ("forecast": 190, "actua1": nul1, "index": "index": "high"}}, ("from": "intensity": {"forecast": 193, "actual": null, "index": "2024-04-25T19: 00Z", "to": "2024-04-25T19: 30Z" "high"}}, ("from": "2024-04-25T19:30Z", "to": "2024-04-25T20:00Z", "intensity": {"forecast": 194, "2024-04-2520: 00Z", "to": "2024-04-25T20:30Z", "intensity": {"forecast": 195, "actual": null, "index": "high"3}, ("from": "2024-04-25T20:30Z", "actual": null, "index": "high")}, ("from": "2024-04-25T21:00Z", "intensity": ("forecast": 198, "actual": null, "index": "high"'), ("from": "2024-04-25T21: 002", "2024-04-25T22: 00Z", "intensity": {"forecast": 187, "actual": null, "to": "2024-04-25T21: 30Z", "intensity": {"forecast": 196, 'actual": null, "index": "high"}}, {"from": "2024-04-25T21:302" "to" "index": "moderate"}}, ("from": "2024-04-25T22:00Z", "to": "2024-04-25T22: 30Z", "intensity": ("forecast": 181, "actual": null, "index": "moderate"}}, {"from": "2024-04-25T22:30Z", "to": "2024-04-25T23:002", "intensity": ("forecast": 180, "actual": null, "index' moderate"｝｝，｛"from"： 25T23:30Z", "intensity": {"forecast": 172, "actual": null, "index": "moderate"}}, {"from": "2024-04-25T23: 30Z", "2024-04-25T23:002", "to": " 2024-04- "moderate"}}, {"from": "2024-04-26T00:00Z", "to": "2024-04-2600: 30Z", "intensity": ("forecast": 150, "to": "2024-04-2600: 00Z", "intensity": ("forecast": 150, "actual": null, "index": "actual": null, "index": "moderate")}, ("from": "2024-04-26T00: 302", "to": "2024-04-26T01:00Z" "intensity": {"forecast": 149, "actual": null, "index": "moderate"}}, ("from": "2024-04-26T01:002", "to": "2024-04-26T01:30Z", "intensity": {"forecast": 149, "actual": null, "index": "moderate"}}, ... Thank you very much  ... View more

Hello evryone,  I have a probleme with automatic lookup and role users.  I will explain :  With admin role, everythin is okay, the automatic lookup work and no warnings on my dashboard.  When I use an another role, it doesn't work  I've checked all the rights for lookups and knowledge objects, assigning them to the role in question. But nothing works; I'm really out of ideas. Thank you very much for your help.   ... View more

Hello,    I have a question on a spl request.  I have those extracted fields about the entry data.   I used this spl request :  | union maxtime=500 timeout=500 [ search index="idx_arv_ach_appels_traites" AND (activite_cuid="N1 FULL" OR activite="FULL AC") AND (NOT activite_cuid!="N1 FULL" AND NOT activite!="FULL AC")| stats sum(appels_traites) as "Nbre appels" by date_month] [ search index="idx_arv_ach_tracage" (equipe_travail_libelle="*MAROC N1 AC FULL")             | eval date=strftime(_time,"%Y-%m-%d")             | dedup date,code_alliance_conseiller_responsable,num_client             | chart count(theme_libelle) as "Nbre_de_tracagesD" by date_month ] [search index="idx_arv_ach_cas_traces"  source="*ac_at*" (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") (LibEDO="*MAROC N1 AC FULL"OR"*SENEGAL N1 AC FULL*") AND (code_resolution="474"OR"836"OR"2836"OR"2893"OR"3085"OR"3137"OR"3244"OR"4340"OR"4365"OR"4784"OR"5893"OR"5896"OR"5897"OR"5901"OR"5909"OR"5914"OR"6744"OR"7150"OR"8020"OR"8531"OR"8534"OR"8535"OR"8548"OR"8549"OR"8709"OR"8876"OR"8917"OR"8919"OR"8946"OR"8961"OR"8962"OR"8970"OR"8974"OR"8998"OR"8999"OR"9000"OR"9001"OR"9004"OR"9006"OR"9007"OR"9010"OR"9011"OR"9012"OR"9048"OR"9052"OR"9058"OR"9059"OR"9069"OR"9088"OR"9089"OR"9090"OR"9095"OR"9107"OR"9108"OR"9116"OR"9148"OR"9150"OR"9169"OR"9184"OR"9190"OR"9207"OR"9208"OR"9209"OR"9211"OR"9214"OR"9223"OR"9239"OR"9240"OR"9241"OR"9248"OR"9251"OR"9274"OR"92752"OR"9276"OR"9288"OR"9299"OR"9300"OR"9302"OR"9323"OR"9324"OR"9366"OR"9382"OR"9385"OR"9447"OR"9450"OR"9455"OR"9466"OR"9467"OR"9476"OR"9516"OR"9559"OR"9584"OR"9603"OR"9627"OR"9633"OR"9640"OR"9654"OR"9670"OR"9710"OR"9735"OR"9740"OR"9782"OR"9784"OR"9785"OR"9786"OR"9794"OR"9817"OR"9839"OR"9919"OR"9932"OR"10000"OR"10010"OR"10017"OR"10022"OR"10048"OR"10049"OR"10053"OR"10081"OR"10099"OR"10100"OR"10103"OR"10104"OR"10105"OR"10116"OR"10118"OR"10142"OR"10143"OR"10153"OR"10160"OR"10162"OR"10165"OR"10185"OR"10189"OR"10190"OR"10191"OR"10199"OR"10206"OR"10209"OR"10216"OR"10229"OR"10233"OR"10241"OR"10256"OR"10278"OR"10280"OR"10288"OR"10289"OR"10290"OR"10299"OR"10330"OR"10331"OR"10367"OR"10432"OR"10474"OR"10496"OR"10499"OR"10506"OR"10524"OR"10525"OR"10526"OR"10527"OR"10528"OR"10530"OR"10531"OR"10532"OR"10534"OR"10535"OR"10536"OR"10537"OR"10538"OR"10540"OR"10541"OR"10543"OR"10557"OR"10558"OR"10560"OR"10561"OR"10579"OR"10592"OR"10675"OR"10676"OR"10677"OR"10678"OR"10680"OR"10681"OR"10704"OR"10748"OR"10759"OR"10760"OR"10764"OR"10766"OR"10768"OR"10769"OR"10770"OR"10771"OR"10783"OR"10798"OR"10799"OR"10832"OR"10857"OR"10862"OR"10875"OR"10928"OR"10929"OR"10933"OR"10934"OR"10941"OR"10947"OR"10962"OR"10966"OR"10969"OR"10977"OR"10978"OR"11017"OR"11085"OR"11114"OR"11115"OR"11116"OR"11138"OR"11139"OR"11140"OR"11141"OR"11142"OR"11143"OR"11144"OR"11219"OR"11252"OR"11239"OR"11268"OR"11326"OR"11327"OR"11328"OR"11329"OR"11410"OR"11514"OR"11552"OR"11992"OR"12012"OR"12032"OR"12033"OR"12034"OR"12035"OR"12036"OR"12037"OR"12038"OR"12039"OR"12040"OR"12041"OR"12152") | chart sum(total) as "Nbre_de_tracagesB" by date_month ] [search index="idx_arv_ach_cas_traces"  source="*ac_at*" (cuid!="AUTOCPAD" AND cuid!="BTORCPAD" AND cuid!="COCOA01" AND cuid!="CRISTORC" AND cuid!="ECARE" AND cuid!="FACADE" AND cuid!="IODA" AND cuid!="MEFIN" AND cuid!="ND" AND cuid!="ORCIP" AND cuid!="ORDRAGEN" AND cuid!="PORTAIL USSD" AND cuid!="RECOU01" AND cuid!="SGZF0000" AND cuid!="SVI" AND cuid!="USAGER PURGE" AND cuid!="VAL01") (LibEDO="*MAROC N1 AC FULL"OR"*SENEGAL N1 AC FULL*")| chart sum(total) as "Nbre_de_tracages_total" by date_month] [search index="idx_arv_ach_enquetes_satisfaction"  source="*maroc_base_1*" (conseiller_createur_equipe="*MAROC N1 AC FULL") | chart count(appreciation) as "Nbre_de_retour_enquete" by date_month] [search index="idx_arv_ach_enquetes_satisfaction"  source="*maroc_base_1*" (conseiller_createur_equipe="*MAROC N1 AC FULL") | eval nb5=case(appreciation="5", 5) | eval nb123=case(appreciation>="1" and appreciation<="3", 3) | eval nb1234=case(appreciation>="1" and appreciation<="4", 4)             | eval nbtotal=case(appreciation>="1" and appreciation<="5", 5)| stats count(nb5) as "Nbre_de_5", count(nb123) as "Nbre_de_123", count(nb1234) as "Nbre_de_1234", count(nbtotal) as "Nbre_total" by  date_month             | eval pourcentage=round((Nbre_de_5/Nbre_total-(Nbre_de_123/Nbre_total))*100,2)." %"             | rename pourcentage as deltaSAT | table deltaSAT date_month] |  stats values("Nbre appels") as "Nbre appels" values("Nbre_de_retour_enquete") as "Nbre_de_retour_enquete" values(Nbre_de_tracagesD) as Nbre_de_tracagesD values("Nbre_de_tracagesB") as "Nbre_de_tracagesB" values("Nbre_de_tracages_total") as "Nbre_de_tracages_total" values(deltaSAT) as deltaSAT by date_month             | eval pourcentage=round((Nbre_de_tracagesB/Nbre_de_tracages_total)*100, 2)." %"             | rename pourcentage as "Tx traçages bloquants"             | eval TxTracage=round((Nbre_de_tracagesD/'Nbre appels')*100,2)." %"             | rename TxTracage as "Tx traçages dédoublonnés"             | rename Nbre_de_tracagesD as "Nbre traçages dédoublonnés"             |eval date_month=case(date_month=="january", "01-Janvier", date_month=="february", "02-Février", date_month=="march", "03-Mars", date_month=="april", "04-Avril", date_month=="may", "05-Mai", date_month=="june", "06-Juin", date_month=="july", "07-Juillet", date_month=="august", "08-Août", date_month=="september", "09-Septembre", date_month=="october", "10-Octobre", date_month=="november", "11-Novembre", date_month=="december", "12-Décembre") | sort date_month | eval date_month=substr(date_month, 4)             | fields date_month, "Tx traçages bloquants", "Nbre appels", "Nbre traçages dédoublonnés", "Tx traçages dédoublonnés"             | transpose 15 header_field=date_month   I obtain this result but I have a problem :  I haven't worked on the date_year field and I don't get a table in a chronoligcal order.    Can you help me please ?       ... View more

Hello, I would like to calculate a weighted average on an average call time. The logs I have available are of this type: I want to be able to obtain the calculation of the average time this way The formula applied is as follows:   Here is what I have done so far: index=rcd statut=OK partenaire=000000000P | eval date_appel=strftime(_time,"%b %y") | dedup nom_ws date_appel partenaire temps_rep_max temps_rep_min temps_rep_moyen nb_appel statut tranche_heure heure_appel_max | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, null()) | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel, null()) | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, null()) | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min, null()) | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, null()) | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max, null()) | eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, null()) | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen, null()) | stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO min(temps_rep_min_OK) as temps_rep_min_OK, min(temps_rep_min_KO) as temps_rep_min_KO max(temps_rep_max_OK) as temps_rep_max_OK, max(temps_rep_max_KO) as temps_rep_max_KO, values(temps_rep_moyen_OK) AS temps_rep_moyen_OK, values(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel | eval temps_rep_moyen_KO_calcul=sum(temps_rep_moyen_KO*nb_appel_KO)/(nb_appel_KO) | eval temps_rep_moyen_OK_calcul=sum(temps_rep_moyen_OK*nb_appel_OK)/(nb_appel_OK) | fields - tranche_heure_bis , tranche_heure_partenaire | sort 0 tranche_heure |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO     I cannot get the final average_ok time displayed temps_moyen= [(nb_appel_1 * temps_moyen 1)+(nb_appel_2 * temps_moyen 2)+...)/sum of nb_appel . I really need help please. Thank you so much     ... View more

Hello,   I hope everything is okay.   I need your help.   I am using this spl request : "index="bloc1rg" AND libelle IN (IN_PREC, OUT_PREC, IN_BT, OUT_BT, IN_RANG, OUT_RANG) earliest=-1mon@mon latest=-1d@d | append [search index="bloc1rg" AND libelle IN (IN_PREC, OUT_PREC, IN_BT, OUT_BT, IN_RANG, OUT_RANG) earliest=-1mon@mon latest=-1d@d | chart count over id_flux by libelle | eval IN_BT_OUT_BT=IN_BT+OUT_BT | eval IN_PREC_OUT_PREC=IN_PREC+OUT_PREC | eval IN_RANG_OUT_RANG=IN_RANG+OUT_RANG | where IN_BT_OUT_BT>=2 | where IN_PREC_OUT_PREC >=2 | where IN_RANG_OUT_RANG >=2 | transpose | search column=id_flux | transpose | fields - "column" | rename "row 1" as id_flux] | stats last(_time) as last_time by id_flux libelle "   I have this results : I can't get what I want. Let me explain. For a given id_flux, I'd like to have the response time defined as follows: - out_rang time - in_rang time - time out_prec - time in_prec -time out_bt - time in_bt     Voilà ce que j'ai utilisé comme requête complète : search index="bloc1rg" AND libelle IN (IN_PREC, OUT_PREC, IN_BT, OUT_BT, IN_RANG, OUT_RANG) earliest=-1mon@mon latest=-1d@d |chart count over id_flux by libelle |eval IN_BT_OUT_BT=IN_BT+OUT_BT |eval IN_PREC_OUT_PREC=IN_PREC+OUT_PREC |eval IN_PREC_OUT_PREC=IN_PREC+OUT_PREC | eval IN_RANG_OUT_RANG=IN_RANG+OUT_RANG |where IN_BT_OUT_BT>=2 |where IN_PREC_OUT_PREC >=2 |where IN_RANG_OUT_RANG >=2 |transpose |search column=id_flux |transpose |fields - "column" |rename "row 1" as id_flux] | eval sortorder=case(libelle=="IN_PREC",1,libelle=="OUT_PREC" AND statut=="KO",2,libelle=="OUT_PREC" AND statut=="OK",3,libelle=="IN_BT",4,libelle=="OUT_BT",5, libelle=="IN_RANG",6, libelle=="OUT_RANG" AND statut=="KO",7, libelle=="OUT_RANG" AND statut=="OK",8) | sort 0 sortorder |eval libelle=if(sortorder=2,"ARE", (if (sortorder=3,"AEE", (if(sortorder=7, "BAN",(if(sortorder=8, "CCO", libelle))))))) |table libelle sortorder _time |chart avg(_time) over sortorder by libelle | filldown AEE, ARE, IN_BT, IN_PREC, OUT_BT, IN_RANG, OUT_RANG |eval OK=abs(OUT_BT-IN_BT)/1000 |eval AEE=abs(AEE-IN_PREC)/1000 |eval ARE=abs(ARE-IN_PREC)/1000 |eval CCO=abs(CCO-IN_RANG) |eval BAN=abs(BAN-IN_RANG) |fields - sortorder |stats values(*) as * |table AEE ARE BAN CCO OK |transpose |rename "row 1" as "temps de traitement (s)" |rename column as "statut"   ... View more

Hello everyone,  I need some help with a spl request.  <row> <panel> <title>SUIVI DES FLUX - TRANSMISSION WS</title> <input type="dropdown" token="partenaire" searchWhenChanged="true"> <label>PARTENAIRE</label> <search> <query>index=rcd earliest=@mon latest=now |table partenaire |dedup partenaire</query> <earliest>$earliest$</earliest> <latest>$latest$</latest> </search> <choice value="*">ALL</choice> <initialValue>*</initialValue> <default>*</default> <change> <condition value="*"> <set token="new_search">index=rcd earliest=@mon latest=now |search $partenaire$ |eval date_appel=strftime(_time,"%b %y") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO |append [ search index=rcd earliest=-1d@d latest=@d partenaire=$partenaire$ |eval time=strftime(_time,"%Y-%m-%d") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO] |eval partenaire="$partenaire$"</set> </condition> <condition match="NOT match('value', &quot;*&quot;)"> <set token="new_search">index=rcd earliest=@mon latest=now |search $partenaire$ |eval date_appel=strftime(_time,"%b %y") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws, values(date_appel) as date_appel by partenaire |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO |append [ search index=rcd $partenaire$ earliest=-1d@d latest=@d |eval time=strftime(_time,"%Y-%m-%d") | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |mvexpand partenaire |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO]</set> </condition> </change> <fieldForLabel>partenaire</fieldForLabel> <fieldForValue>partenaire</fieldForValue> </input> <html> <div id="htmlPanelWithToken"> </div> </html> </panel> </row>   I use two searches with a value condition depending on the value of filter : partenaire. I need to use this search to make it work with my js script. I don't know how to add the value conditions to the query below. <search id="mySearch"> <done> <set token="tokHTML">$result.data$</set> </done> <query>index=rcd_statuts_count libelle=web_service_supervision_count | search partenaire IN ($partenaire$) |eval date_appel=strftime(_time,"%b %y")|table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO | eventstats sum(nb_appel_OK) as sum_nb_appel_ok sum(nb_appel_KO) as sum_nb_appel_ko |append [ search index=rcd earliest=-1d@d latest=@d | eval nb_appel_OK=if(isnotnull(nb_appel) AND statut="OK", nb_appel, "0") | eval nb_appel_KO=if(isnotnull(nb_appel) AND statut="KO",nb_appel,"0") | eval temps_rep_min_OK=if(isnotnull(temps_rep_min) AND statut="OK", temps_rep_min, "0") | eval temps_rep_min_KO=if(isnotnull(temps_rep_min) AND statut="KO",temps_rep_min,"0") | eval temps_rep_max_OK=if(isnotnull(temps_rep_max) AND statut="OK", temps_rep_max, "0") | eval temps_rep_max_KO=if(isnotnull(temps_rep_max) AND statut="KO",temps_rep_max,"0")| eval temps_rep_moyen_OK=if(isnotnull(temps_rep_moyen) AND statut="OK", temps_rep_moyen, "0") | eval temps_rep_moyen_KO=if(isnotnull(temps_rep_moyen) AND statut="KO",temps_rep_moyen,"0") |stats sum(nb_appel_OK) as nb_appel_OK, sum(nb_appel_KO) as nb_appel_KO sum(temps_rep_min_OK) as temps_rep_min_OK, sum(temps_rep_min_KO) as temps_rep_min_KO sum(temps_rep_max_OK) as temps_rep_max_OK, sum(temps_rep_max_KO) as temps_rep_max_KO, sum(temps_rep_moyen_OK) AS temps_rep_moyen_OK, sum(temps_rep_moyen_KO) as temps_rep_moyen_KO values(nom_ws) as nom_ws values(partenaire) as partenaire , values(date_appel) as date_appel |table nom_ws partenaire date_appel nb_appel_OK nb_appel_KO temps_rep_min_OK temps_rep_min_KO temps_rep_max_OK temps_rep_max_KO temps_rep_moyen_OK temps_rep_moyen_KO | eventstats sum(nb_appel_OK) as sum_nb_appel_ok sum(nb_appel_KO) as sum_nb_appel_ko]</query> <done> <condition> <set token="nom_ws">$nom_ws$</set> <set token="partenaire">$partenaire$</set> <set token="date_appel">$date_appel$</set> <set token="sum_nb_appel_ok">$result.sum_nb_appel_ok$</set> <set token="sum_nb_appel_ko">$result.sum_nb_appel_ko$</set> </condition> </done> Thank you so much       ... View more

Hello everyone, I need your help for something, please. I need to remove the decimal value for this fields: - total - hier My spl request is : | union [ search index="pasrau_statuts_count" libelle IN ("Envoi SNGI OK", "Envoi SNGI KO", "RECU") | lookup lk_etapes_pasrau_2020_rj libelle output evenement, ordre ] | join type=outer libelle [ search index=pasrau_statuts_count earliest=-100d@d latest=@d libelle IN ("Envoi SNGI OK", "Envoi SNGI KO", "RECU") | eval hier=count | table libelle hier ] | eval delta=case(hier < count, "+".(count-hier), hier > count, "-".(hier-count), hier=count, "0") | eval libelle=ordre+libelle, total=ordre+"."+count, hier=ordre+"."+hier | dedup libelle sortby lookup |stats list(libelle) as libelle , list(total) as total list(hier) as hier list(delta) as "DeltaJ/J-1" by evenement | sort libelle |rex field=libelle mode=sed "s/^[0-9]+//g" |rex field=total mode=sed "s/^[0-9]\.+//g" |rex field=hier mode=sed "s/^[0-9]\.+//g"   Thank you so much     ... View more

Hello everyone, I need your help Display the date and time of the monthly report update at the top of theReport.   Thank you so much       ... View more