×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
shashigari
Loves-to-Learn Lots
Member since: ‎04-14-2025
a week ago
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-14-2025
View All

Re: Time picker and Nested query not picking up ev...

by in Dashboards & Visualizations
‎04-15-2025 07:52 AM
‎04-15-2025 07:52 AM
My macro looks like this [|makeresults count=0] | append [ search `mymacro` | rex --- | rex --- | rex --- | eval -- | eval --- | fields _time, -,-] | lookup --- | lookup --- | lookup --- | search --- ---------------------------------- I'm building a scheduled alert which runs this macro using earliest and latest time period earliest="04/11/2025:12:10:01" latest="04/11/2025:12:20:01" `mymacro` | table _time IP So this time range is not passing within above macro subquery which is nested.   Hope this give you more info. ... View more

Time picker and Nested query not picking up events

by in Dashboards & Visualizations
‎04-14-2025 09:42 AM
‎04-14-2025 09:42 AM
Good morning, I got a query like this [| makeresults count=0] | append [ search (index="my_index"] When I use to setup analert like  earliest="04/11/2025:12:10:01" latest="04/11/2025:12:20:01" `mymacro` | table _time IP this is not picking up the events in that time frame. however when I expand to 8hours from dropdown it is showing results.   Any one can help provide approach for this issue? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
a week ago