Hi! I would like to anyone has scheduled an excel report based on an existing dashboard? I have create a dashboard that contains only one drop down in which the user will choose a single location. Then the dashboard displays the counts based on that location. Now I'd like to know if there's an easy way to have all that data (per location), and add them in one single Excel file. For example The dashboard looks like this: Location dropdown: All, Avenue1, Avenue2, Avenue3.... Displaying: Panel 1 Panel 2 Panel 3 Each panel is coming from 4 saved searches for that particular location, and it returns the numbers for WTD, MTD, QTD and YTD then appending the numbers to create the columns. I'd like to know if I can create an Excel file from this Dashboard that can be scheduled to run daily. In other words, for each location: All locations, Avenue1, Avenue2, and so on, it can be written into one single Excel (if that cannot be done, at least get each location per Excel file).  In that case, I'd have to create 7 Excel files (1 file per location) that will contain the different panels per location. What I was envisioning it follow but I don't know if it's possible. If anyone knows how I can approach this problem, it would be great or if they have a suggestion, a workaround, would be great too. Thank you so much in advance.   Dyana         ... View more

Hi! I'd like to know if someone can help me with this: I have 4 saved searches that gives back counts for WTD (Week-to-Date), MTD (Month), QTD (quarter) and YTD (year) per type and a dashboard that calls those 4 searches that would display as columns per branch: Example: Branch dropdown: Avenue1  <--- the dashboard will have this and the numbers will change accordingly.                                   WTD    MTD   QTD    YTD PROD type 1       4             0       85             85 PROD type 3       0             0      1               1 PROD type 40     1             0      6               6 ... Total                       5            0        92         92 The Dashboard will have the following( I hardcoded the branch for now): | loadjob savedsearch="....:search:Retail_TEST_QTD" | rename CREATEDATBRANCH as Branch | lookup BranchNums Branch | search BranchNames="Avenue1" | stats count(TOTALCOUNT) as QTD by DESCRIPTION | appendcols [| loadjob savedsearch="....:search:Retail_TEST_YTD" | rename CREATEDATBRANCH as Branch | lookup BranchNums Branch | search BranchNames="Avenue1" | stats count(TOTALCOUNT) as YTD by DESCRIPTION] | appendcols [| loadjob savedsearch="....:search:Retail_TEST_MTD" | rename CREATEDATBRANCH as Branch | lookup BranchNums Branch | search BranchNames="Avenue1" | stats count(TOTALCOUNT) as MTD by DESCRIPTION] | appendcols [| loadjob savedsearch="....:search:Retail_TEST_WTD" | rename CREATEDATBRANCH as Branch | lookup BranchNums Branch | search BranchNames="Avenue1" | stats count(TOTALCOUNT) as WTD by DESCRIPTION] | rename DESCRIPTION as PROD_DESCRIPTION | table PROD_DESCRIPTION WTD MTD QTD YTD | addtotals row=f col=t labelfield=PROD_DESCRIPTION label="PROD Total:" and these are the saved searches. Saved search title:  Retail_TEST_WTD index=.... host=.... source=.... sourcetype=.... NOT CLOSEDATE=* AND (TYPE = 1 OR TYPE = 2 OR TYPE = 3 OR TYPE = 4 OR TYPE = 5 OR TYPE = 6 OR TYPE = 8 OR TYPE = 9 OR TYPE = 15 OR TYPE = 40 OR TYPE = 61 OR TYPE = 63) | dedup PARENTACCOUNT ID | eventstats count as TOTALCOUNT by TYPE, CREATEDATBRANCH | eval OPENDATE=strptime(OPENDATE,"%Y-%m-%d %H:%M:%S.%Q") | eval RANGE = "-1@w" | where OPENDATE >= (relative_time(now(),RANGE)) | eval DESCRIPTION = case(TYPE=1, "PROD Type 1", TYPE=2, "PROD Type 2", TYPE=3, "PROD Type 3", TYPE=4, "PROD Type 4", TYPE=5, "PROD Type 5", TYPE=6, "PROD Type 6", TYPE=8, "PROD Type 8", TYPE=9, "PROD Type 9", TYPE=15, "PROD Type 15", TYPE=40, "PROD Type 40", TYPE=61, "PROD Type 61", TYPE=63, "PROD Type 63") Saved search title: Retail_TEST_MTD | eval RANGE = "-1@mon"    <--- same as above but with this change Saved search title: Retail_TEST_QTD | eval RANGE = "-1@qtr" Saved search title: Retail_TEST_YTD | eval RANGE = "-1@y" The misplacement of the counts occurs only in the WTD column, which should be the following: for Prod Type 40 should be 1 count for Avenue1 Weekly (correct counts): Quarter (correct counts): But I am getting this: the 1 count that belongs in Prod Type 40 is showing in Prod 3 instead for the WTD: All other columns MTD, QTD, and YTD numbers match fine Note: the discrepancy in Prod Type 1 for the QTD and YTD is okay because Splunk is not up to date, it's 2 days behind. If anyone please , can tell me what I am doing wrong. I have cloned each of the saved searches. And I made sure the DESCRIPTION are all the same across all saves searches. Thank you,   Dyana       ... View more