About sujata_nandi

sujata_nandi · ‎12-21-2023

If I "Schedule PDF", will the dashboard automatically take the date range or do I have to set it in some way?

sujata_nandi · ‎12-21-2023

Is there a way to print the entire report in the email instead of a PDF attachment?

sujata_nandi · ‎12-21-2023

I'd like to set up an email notification for the following dashboard, specifically on Saturdays and Sundays at intervals of 3 hours. Since I receive files only on these days, this schedule aligns with our data delivery. Could someone guide me on configuring this setup?

sujata_nandi · ‎12-06-2023

Hi, Thank you very much for your help. Below is the final query and it is giving me the required output, however I am not able to open the events on a separate tab. index="app_cleo_db" origname="GEAC_Payroll*" | rex "\sorigname=\"GEAC_Payroll\((?<digits>\d+)\)\d{8}_\d{6}\.xml\"" | search origname="*.xml" | eval Date = strftime(_time, "%Y-%m-%d %H:00:00") | eval DateOnly = strftime(_time, "%Y-%m-%d") | transaction DateOnly, origname | timechart span=1h count | where count>0 | timewrap series=exact time_format="%d-%m-%Y" 1day | eval _time=strftime(_time, "%H:%M:%S") | sort _time

sujata_nandi · ‎12-05-2023

I removed the "by DateTime" clause and used the timewrap clause, it is giving me the output for last 24 hours correctly however I only receive files on the weekends and if I try to use this command then it's giving me too many unwanted fields with no values.

sujata_nandi · ‎12-05-2023

Hi, I tried your solution but it didn't work. How do I modify the query to get the desired output. for below Query index="app_cleo_db" origname="GEAC_Payroll*" | rex "\sorigname=\"GEAC_Payroll\((?<digits>\d+)\)\d{8}_\d{6}\.xml\"" | search origname="*.xml" | eval Date = strftime(_time, "%Y-%m-%d %H:00:00") | eval DateOnly = strftime(_time, "%Y-%m-%d") | transaction DateOnly, origname | timechart span=1h count by DateOnly I am getting below output time 2023-12-02 2023-12-03 2023-12-02 00:00 0 0 2023-12-02 01:00 0 0 2023-12-02 02:00 0 0 2023-12-02 03:00 0 0 2023-12-02 04:00 0 0 2023-12-02 05:00 0 0 2023-12-02 06:00 0 0 2023-12-02 07:00 1 0 2023-12-02 08:00 0 0 2023-12-02 09:00 0 0 2023-12-02 10:00 2 0 2023-12-02 11:00 1 0 2023-12-02 12:00 1 0 2023-12-02 13:00 1 0 2023-12-02 14:00 3 0 2023-12-02 15:00 4 0 2023-12-02 16:00 0 0 2023-12-02 17:00 0 0 2023-12-02 18:00 0 0 2023-12-02 19:00 0 0 2023-12-02 20:00 0 0 2023-12-02 21:00 0 0 2023-12-02 22:00 0 0 2023-12-02 23:00 0 0 2023-12-03 00:00 0 0 2023-12-03 01:00 0 0 2023-12-03 02:00 0 0 2023-12-03 03:00 0 0 2023-12-03 04:00 0 1 2023-12-03 05:00 0 3 2023-12-03 06:00 0 202 2023-12-03 07:00 0 52 2023-12-03 08:00 0 141 2023-12-03 09:00 0 188 2023-12-03 10:00 0 256 2023-12-03 11:00 0 185 2023-12-03 12:00 0 121 2023-12-03 13:00 0 52 2023-12-03 14:00 0 32 2023-12-03 15:00 0 9 2023-12-03 16:00 0 0 2023-12-03 17:00 0 0 2023-12-03 18:00 0 0 2023-12-03 19:00 0 0 2023-12-03 20:00 0 0 2023-12-03 21:00 0 0 2023-12-03 22:00 0 0 2023-12-03 23:00 0 0 but i want like below output like this where the 00:00 to 23:00 is stable time 2023-12-02 2023-12-03 00:00 0 0 01:00 0 0 02:00 0 0 03:00 0 0 04:00 0 1 05:00 0 3 06:00 0 202 07:00 1 52 08:00 0 141 09:00 0 188 10:00 2 256 11:00 1 185 12:00 1 121 13:00 1 52 14:00 3 32 15:00 4 9 16:00 0 0 17:00 0 0 18:00 0 0 19:00 0 0 20:00 0 0 21:00 0 0 22:00 0 0 23:00 0 0

sujata_nandi · ‎12-05-2023

Hi, Thank you for your help, I tried to workout your recommendation and the query looks like below: index="app_cleo_db" origname="GEAC_Payroll*" | rex "\sorigname=\"GEAC_Payroll\((?<digits>\d+)\)\d{8}_\d{6}\.xml\"" | search origname="*.xml" | eval Date = strftime(_time, "%Y-%m-%d %H:00:00") | eval DateOnly = strftime(_time, "%Y-%m-%d") | transaction DateOnly, origname | timechart span=1h count by DateOnly | eval _time=strftime(_time, "%H:%M:%S") But this is still giving me the time for both the dates if I try to run my query for 2 days : _time 2023-12-02 2023-12-03 00:00:00 0 0 01:00:00 0 0 02:00:00 0 0 03:00:00 0 0 00:00:00 0 0 01:00:00 0 0 02:00:00 0 0 03:00:00 1 0

sujata_nandi · ‎12-04-2023

I am trying to make a query which will give me the result of unique file names with month in column and a time span of 1 hour in row. Below is my query : index="app_cleo_db" origname="GEAC_Payroll*" | rex "\sorigname=\"GEAC_Payroll\((?<digits>\d+)\)\d{8}_\d{6}\.xml\"" | search origname="*.xml" | eval Date = strftime(_time, "%Y-%m-%d %H:00:00") | eval DateOnly = strftime(_time, "%Y-%m-%d") | transaction DateOnly, origname | timechart count by DateOnly But it is giving me an output with date as well as timestamp in the row like below: _time 2023-12-02 2023-12-03 2023-12-02 00:00:00 8 0 2023-12-02 00:30:00 0 0 2023-12-02 01:00:00 0 7 2023-12-02 01:30:00 0 0 2023-12-02 02:00:00 6 0 2023-12-02 02:30:00 0 0 2023-12-02 00:00:00 2 0 2023-12-03 00:30:00 0 5 2023-12-03 01:00:00 0 0 2023-12-03 01:30:00 0 20 2023-12-03 02:00:00 0 0 2023-12-03 02:30:00 34 0 I want the result to look like below _time 2023-12-02 2023-12-03 00:00:00 0 0 01:00:00 0 0 02:00:00 0 0 03:00:00 0 0

Posts	8
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎12-04-2023

Online Status	Offline
Date Last Visited	‎12-26-2023 10:41 AM

Dashboard as email notification

Multiple Time Spans

Re: Dashboard as email notification

Re: Dashboard as email notification

Dashboard as email notification

Re: Multiple Time Spans

Re: Multiple Time Spans

Re: Multiple Time Spans

Re: Multiple Time Spans

Multiple Time Spans

Join the Conversation