Hi @PrewinThomas Its working. fantastic!! ... View more

Hi @ITWhisperer , Firstly thanks for the responses. Below I am attaching the screenshot of the job detail dashboard for the complete search.   For more information I am splitting both the searches: First search : (index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | lookup isc_mordc id as isc_id OUTPUTNEW mark_code statistical_subject | lookup isc_areaname.csv isc_id as isc_id OUTPUTNEW area_name cell cluster subsystem | search subsystem="DEP/*" OR subsystem="DEC/*" | stats count(subsystem) as scada_count by cell cluster | table scada_count cell cluster Second search : index=internal_statistics_1h [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | table dda_count   Complete search : (index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | lookup isc_mordc id as isc_id OUTPUTNEW mark_code statistical_subject | lookup isc_areaname.csv isc_id as isc_id OUTPUTNEW area_name cell cluster subsystem | search subsystem="DEP/*" OR subsystem="DEC/*" | stats count(subsystem) as scada_count by cell cluster | table scada_count cell cluster | eval dda_count = [ search index=internal_statistics_1h [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | return $dda_count ] | eval Faults = (scada_count/dda_count)*1000 | table cell cluster Faults | sort cell cluster | chart count(Faults) as Faults ... View more

@ITWhisperer I am reinitiates my question loop. Problem : The second sub search is always giving me the repetitive counts. Please guide me to fix it. Thanks in advance !!   ... View more

Hi @bowesmana, Thank you for your response. The only difference I have observed is that when I click on the second panel, it displays all results. I would like it so that when I click on “GTP,” it should display only the corresponding GTP values (e.g., 8 and 9). Could you please advise on how I can associate this filter with the second panel? ... View more

Hi @ITWhisperer  Below is my complete code. <form stylesheet="common:vanderlande.css, customer_reports=mordc.css" theme="dark"> <label>Daily Performance Dashboard ( Services )</label> <init> <!-- Ensure details are hidden until user clicks the first panel --> <unset token="tokShowDetails"></unset> </init> <fieldset submitButton="true"> <input type="time" token="time" searchWhenChanged="false"> <label>Time Selector</label> <default> <earliest>-24h@h</earliest> <latest>now</latest> </default> </input> </fieldset> <row> <panel> <single> <title>Depalletising, Decanting Faults per thousand cases ( Overall )</title> <search> <query>(index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) earliest=-30d latest=now | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | search error_status=CAME_IN | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | lookup new_ctcl_21_07.csv JoinedAttempt1 AS statistical_subject mis_address AS error OUTPUTNEW description operational_rate technical_rate alarm_severity | lookup internal_cell_cluster.csv isc_id AS isc_id OUTPUTNEW cell cluster | lookup mordc_Av_full_assets.csv Area AS area Zone AS zone Section AS equipment OUTPUT TopoID | lookup mordc_topo ID AS TopoID OUTPUT Description AS Area | where Area="Depalletizing, Decanting" AND technical_rate&gt;0 AND operational_rate&gt;0 AND isnotnull(alarm_severity) AND isnotnull(mark_code) | dedup isc_id error _time | stats count AS scada_count BY cell cluster | eval dda_count = [ search index=internal_statistics_1h earliest=-30d latest=now [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | return $dda_count ] | eval Faults = (scada_count/dda_count)*1000 | table cell cluster Faults | sort cell cluster | chart count(Faults) as Faults</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="colorMode">block</option> <option name="drilldown">all</option> <option name="numberPrecision">0</option> <option name="rangeColors">["0x53a051","0xf8be34","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="refresh.display">progressbar</option> <option name="trellis.enabled">1</option> <option name="trellis.size">large</option> <option name="useColors">1</option> <drilldown> <set token="tokShowCluster">1</set> <unset token="tokShowCells"></unset> <unset token="tokCluster"></unset> </drilldown> </single> <single depends="$tokShowCluster$"> <title>Depalletising, Decanting Faults per thousand cases ( Cluster )</title> <search> <query>(index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) earliest=-30d latest=now | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | search error_status=CAME_IN | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | lookup new_ctcl_21_07.csv JoinedAttempt1 AS statistical_subject mis_address AS error OUTPUTNEW description operational_rate technical_rate alarm_severity | lookup internal_cell_cluster.csv isc_id AS isc_id OUTPUTNEW cell cluster | lookup mordc_Av_full_assets.csv Area AS area Zone AS zone Section AS equipment OUTPUT TopoID | lookup mordc_topo ID AS TopoID OUTPUT Description AS Area | where Area="Depalletizing, Decanting" AND technical_rate&gt;0 AND operational_rate&gt;0 AND isnotnull(alarm_severity) AND isnotnull(mark_code) | dedup isc_id error _time | stats count AS scada_count BY cell cluster | eval dda_count = [ search index=internal_statistics_1h earliest=-30d latest=now [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | return $dda_count ] | eval Faults = (scada_count/dda_count)*1000 | table cell cluster Faults | sort cell cluster | chart count(Faults) as Faults BY cluster</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="colorMode">block</option> <option name="drilldown">all</option> <option name="rangeColors">["0x53a051","0x0877a6","0xf1813f","0xdc4e41"]</option> <option name="rangeValues">[0,30,100]</option> <option name="refresh.display">progressbar</option> <option name="trellis.enabled">1</option> <option name="trellis.size">medium</option> <option name="trellis.splitBy">cluster</option> <option name="useColors">1</option> <!-- Click a cluster tile --> <drilldown> <set token="tokShowCells">1</set> </drilldown> </single> </panel> <panel> <single depends="$tokShowCells$"> <title>Depalletising, Decanting Faults per thousand cases ( Per Cell )</title> <search> <query>(index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) earliest=-30d latest=now | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | search error_status=CAME_IN | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | lookup new_ctcl_21_07.csv JoinedAttempt1 AS statistical_subject mis_address AS error OUTPUTNEW description operational_rate technical_rate alarm_severity | lookup internal_cell_cluster.csv isc_id AS isc_id OUTPUTNEW cell cluster | lookup mordc_Av_full_assets.csv Area AS area Zone AS zone Section AS equipment OUTPUT TopoID | lookup mordc_topo ID AS TopoID OUTPUT Description AS Area | where Area="Depalletizing, Decanting" AND technical_rate&gt;0 AND operational_rate&gt;0 AND isnotnull(alarm_severity) AND isnotnull(mark_code) | dedup isc_id error _time | stats count AS scada_count BY cell cluster | eval dda_count = [ search index=internal_statistics_1h earliest=-30d latest=now [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | return $dda_count ] | eval Faults = (scada_count/dda_count)*1000 | table cell cluster Faults | sort cell cluster | chart count(Faults) as Faults BY cell</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="colorMode">block</option> <option name="drilldown">none</option> <option name="rangeColors">["0xf1813f","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="rangeValues">[1,30,70,100]</option> <option name="refresh.display">progressbar</option> <option name="trellis.enabled">1</option> <option name="trellis.size">small</option> <option name="useColors">1</option> </single> </panel> </row> </form>   ... View more

Hi @ITWhisperer  Thanks for working on this. While loading the dashboard at very first all the panels are loading including Overall, cluster and cells. I want to load Overall ( first) then click ---> load Clusters panel --> then click any cluster open only its respective cells and its count. One more issue I can see. While clicking back the panel one, I can se third panel is showing error with lookup.   ... View more

@bowesmana Thanks for all the suggestion. While applying in my real code. I am still facing an issue. As I provided my code below please help me to fix it.   <row> <panel> <single> <title>Depalletising, Decanting Faults per thousand cases ( Overall )</title> <search> <query>(index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) earliest=-30d latest=now | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | search error_status=CAME_IN | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | lookup new_ctcl_21_07.csv JoinedAttempt1 AS statistical_subject mis_address AS error OUTPUTNEW description operational_rate technical_rate alarm_severity | lookup internal_cell_cluster.csv isc_id AS isc_id OUTPUTNEW cell cluster | lookup mordc_Av_full_assets.csv Area AS area Zone AS zone Section AS equipment OUTPUT TopoID | lookup mordc_topo ID AS TopoID OUTPUT Description AS Area | where Area="Depalletizing, Decanting" AND technical_rate&gt;0 AND operational_rate&gt;0 AND isnotnull(alarm_severity) AND isnotnull(mark_code) | dedup isc_id error _time | stats count AS scada_count BY cell cluster | eval dda_count = [ search index=internal_statistics_1h earliest=-30d latest=now [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | return $dda_count ] | eval Faults = (scada_count/dda_count)*1000 | table cell cluster Faults | sort cell cluster | chart count(Faults) as Faults</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="colorMode">block</option> <option name="drilldown">all</option> <option name="numberPrecision">0.0</option> <option name="rangeColors">["0x53a051","0xf8be34","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="refresh.display">progressbar</option> <option name="trellis.enabled">1</option> <option name="trellis.size">large</option> <option name="useColors">1</option> <drilldown> <set token="cluster">$trellis.value$</set> <set token="form.cluster">$trellis.value$</set> </drilldown> </single> <single > <title>Depalletising, Decanting Faults per thousand cases ( Cluster )</title> <search> <query>(index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) earliest=-30d latest=now | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | search error_status=CAME_IN | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | lookup new_ctcl_21_07.csv JoinedAttempt1 AS statistical_subject mis_address AS error OUTPUTNEW description operational_rate technical_rate alarm_severity | lookup internal_cell_cluster.csv isc_id AS isc_id OUTPUTNEW cell cluster | lookup mordc_Av_full_assets.csv Area AS area Zone AS zone Section AS equipment OUTPUT TopoID | lookup mordc_topo ID AS TopoID OUTPUT Description AS Area | where Area="Depalletizing, Decanting" AND technical_rate&gt;0 AND operational_rate&gt;0 AND isnotnull(alarm_severity) AND isnotnull(mark_code) | dedup isc_id error _time | stats count AS scada_count BY cell cluster | eval dda_count = [ search index=internal_statistics_1h earliest=-30d latest=now [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | return $dda_count ] | eval Faults = (scada_count/dda_count)*1000 | table cell cluster Faults | sort cell cluster | chart count(Faults) as Faults BY cluster</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="colorMode">block</option> <option name="drilldown">all</option> <option name="rangeColors">["0x53a051","0x0877a6","0xf1813f","0xdc4e41"]</option> <option name="rangeValues">[0,30,100]</option> <option name="refresh.display">progressbar</option> <option name="trellis.enabled">1</option> <option name="trellis.size">medium</option> <option name="trellis.splitBy">cluster</option> <option name="useColors">1</option> <!-- Click a cluster tile --> <drilldown> <set token="cluster">$trellis.value$</set> <set token="form.cluster">$trellis.value$</set> </drilldown> </single> </panel> <panel> <single > <title>Depalletising, Decanting Faults per thousand cases ( Per Cell )</title> <search> <query>(index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) earliest=-30d latest=now | fields area zone equipment isc_id error error_status start_time | eval _time=coalesce(start_time, _time) | search error_status=CAME_IN | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | lookup new_ctcl_21_07.csv JoinedAttempt1 AS statistical_subject mis_address AS error OUTPUTNEW description operational_rate technical_rate alarm_severity | lookup internal_cell_cluster.csv isc_id AS isc_id OUTPUTNEW cell cluster | lookup mordc_Av_full_assets.csv Area AS area Zone AS zone Section AS equipment OUTPUT TopoID | lookup mordc_topo ID AS TopoID OUTPUT Description AS Area | where Area="Depalletizing, Decanting" AND technical_rate&gt;0 AND operational_rate&gt;0 AND isnotnull(alarm_severity) AND isnotnull(mark_code) | dedup isc_id error _time | stats count AS scada_count BY cell cluster | eval dda_count = [ search index=internal_statistics_1h earliest=-30d latest=now [ | inputlookup internal_statistics | where report="Throughput" AND level="step" AND measurement="Case" AND (step="Defoil and decanting" OR step="Defoil and depalletising") | fields id | rename id AS statistic_id ] | eval value=coalesce(value, sum_value) | stats sum(value) AS dda_count | return $dda_count ] | eval Faults = (scada_count/dda_count)*1000 | table cell cluster Faults | sort cell cluster | chart count(Faults) as Faults BY cell</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="colorMode">block</option> <option name="drilldown">none</option> <option name="rangeColors">["0xf1813f","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> <option name="rangeValues">[1,30,70,100]</option> <option name="refresh.display">progressbar</option> <option name="trellis.enabled">1</option> <option name="trellis.size">small</option> <option name="useColors">1</option> </single> </panel> </row> ... View more

I got the solutions. Thanks all the expertise for involving in this.  Issue was with the second search which was showing last 30 days only ( before 15th july only ) ... View more

@PickleRick Hi removed all the highlighted attributes from the query. But still I am not getting any results. (index=si_error source=scada (error_status=CAME_IN OR error_status=WENT_OUT) (_time=Null OR NOT virtual)) | fields - _raw | fields + area, zone, equipment, element, isc_id, error, error_status, start_time | search (area="*"), (zone="*"), (equipment="*"), (isc_id="*") | eval _time=exact(if(isnull(start_time),'_time',max(start_time,earliest_epoch))) | dedup isc_id error _time | fields - _virtual_, _cd_ | fillnull value="" element | sort 0 -_time -"_indextime" | streamstats window=2 global=false current=true earliest(_time) AS start latest(_time) AS stop, count AS count by area zone equipment element error | search error_status=CAME_IN | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | lookup new_ctcl_21_07.csv JoinedAttempt1 AS statistical_subject, mis_address AS error OUTPUTNEW description, operational_rate, technical_rate, alarm_severity | fillnull value=0 technical_rate operational_rate | fillnull value="-" alarm_severity mark_code | eval description=coalesce(description,("Unknown text for error number " . error)), error_description=((error . "-") . description), location=((mark_code . "-") . isc_id), stop=if((count == 1),null,stop), start=exact(coalesce(start_time,'_time')), start_window=max(start,earliest_epoch), stop_window=min(stop,if((latest_epoch > now()),now(),latest_epoch)), duration=round(exact((stop_window - start_window)),3) | fields + start, error_description, isc_id, duration, stop, mark_code, technical_rate, operational_rate, alarm_severity , area, zone, equipment | dedup isc_id error_description start | sort 0 start isc_id error_description asc | search technical_rate>* AND operational_rate>* (alarm_severity="*") (mark_code="*") | rename isc_id as Location, mark_code as "Mark code", technical_rate as "Technical %", operational_rate as "Operational %", alarm_severity as Severity | lookup mordc_Av_full_assets.csv Area as area, Zone as zone, Section as equipment output TopoID | lookup mordc_topo ID as TopoID output Description as Area | search Area="Depalletizing, Decanting" | stats count as Scada_count by Area | table Scada_count | appendcols [ search index=internal_statistics_1h [| inputlookup internal_statistics | where (step="Defoil and decanting" OR step="Defoil and depalletising") AND report="Throughput" AND level="step" AND measurement IN("Case") | fields id | rename id AS statistic_id] | eval value=coalesce(value, sum_value) | fields statistic_id value group_name location | eval _virtual_=if(isnull(virtual), "N", "Y"), _cd_=replace(_cd, ".*:", "") | sort 0 -_time _virtual_ -"_indextime" -_cd_ | dedup statistic_id _time group_name | fields - _virtual_ _cd_ | lookup internal_statistics id AS statistic_id OUTPUTNEW report level step measurement | stats sum(value) AS dda_count] Note : While executing both the queries individually. I a, getting the results. ... View more

@yuanliu I want to divide Scada_count/dda_count. This is my use case. ... View more

Hi @ITWhisperer  I have already used the finalized and done brackets, but the issue still persists. Additionally, I moved the saved search to the search app location to test, but it did not resolve the problem either. ... View more

@ITWhisperer  Sure, thanks for the suggestion. Let me check ... View more

@ITWhisperer So, if I remove the depends attributes, will it start working for the users? ... View more

@ITWhisperer  Below is my complete code. So do you any any possibility which is causing an issue ? What Can i fix here so it will work for all the users ? <form script="common:common.js, common:remove_elements.js, customer_reports:attrchange.js, customer_reports:kpi_dashboard.js" stylesheet="common:vanderlande.css, kpi_dashboard.css, common:project_specific.css" hideEdit="true" version="1.1"> <label>KPI Dashboard</label> <search id="thresholds"> <query>| savedsearch report_kpi_dashboard_thresholds</query> <finalized> <!-- Availability --> <eval token="availability_min_value">$result.system_dashboard_availability_min_value$-0.0001</eval> <eval token="availability_max_value">$result.system_dashboard_availability_max_value$+0.0001</eval> <set token="availability_max_range_threshold">$result.system_dashboard_availability_max_range_threshold$</set> <!-- Completeness --> <eval token="completeness_min_value">$result.system_dashboard_completeness_min_value$-0.0001</eval> <eval token="completeness_max_value">$result.system_dashboard_completeness_max_value$+0.0001</eval> <set token="completeness_max_range_threshold">$result.system_dashboard_completeness_max_range_threshold$</set> <!-- Group Coherence --> <eval token="group_coherence_min_value">$result.system_dashboard_group_coherence_min_value$-0.0001</eval> <eval token="group_coherence_max_value">$result.system_dashboard_group_coherence_max_value$+0.0001</eval> <set token="group_coherence_max_range_threshold">$result.system_dashboard_group_coherence_max_range_threshold$</set> <!-- Lead Time --> <eval token="lead_time_min_value">$result.system_dashboard_lead_time_min_value$-0.0001</eval> <eval token="lead_time_max_value">$result.system_dashboard_lead_time_max_value$+0.0001</eval> <set token="lead_time_max_range_threshold">$result.system_dashboard_lead_time_max_range_threshold$</set> <!-- On-Time --> <eval token="on-time_min_value">$result.system_dashboard_on-time_min_value$-0.0001</eval> <eval token="on-time_max_value">$result.system_dashboard_on-time_max_value$+0.0001</eval> <set token="on-time_max_range_threshold">$result.system_dashboard_on-time_max_range_threshold$</set> <!-- Partitioning --> <eval token="partitioning_min_value">$result.system_dashboard_partitioning_min_value$-0.0001</eval> <eval token="partitioning_max_value">$result.system_dashboard_partitioning_max_value$+0.0001</eval> <set token="partitioning_max_range_threshold">$result.system_dashboard_partitioning_max_range_threshold$</set> <!-- Productivity --> <eval token="productivity_min_value">$result.system_dashboard_productivity_min_value$-0.0001</eval> <eval token="productivity_max_value">$result.system_dashboard_productivity_max_value$+0.0001</eval> <set token="productivity_max_range_threshold">$result.system_dashboard_productivity_max_range_threshold$</set> <!-- Throughput --> <eval token="throughput_min_value">$result.system_dashboard_throughput_min_value$-0.0001</eval> <eval token="throughput_max_value">$result.system_dashboard_throughput_max_value$+0.0001</eval> <set token="throughput_max_range_threshold">$result.system_dashboard_throughput_max_range_threshold$</set> <!-- Utilization --> <eval token="utilization_min_value">$result.system_dashboard_utilization_min_value$-0.0001</eval> <eval token="utilization_max_value">$result.system_dashboard_utilization_max_value$+0.0001</eval> <set token="utilization_max_range_threshold">$result.system_dashboard_utilization_max_range_threshold$</set> </finalized> </search> <search id="operational_hours"> <query>| savedsearch set_operational_hours</query> <finalized> <set token="operational_start_time">$result.operational_start_time$</set> <set token="operational_end_time">$result.operational_end_time$</set> <eval token="time.earliest_epoch">if($form.time.earliest$="",0,if(isnum($form.time.earliest$),$form.time.earliest$,relative_time(now(),$form.time.earliest$)))+($operational_start_time$*3600)</eval> <eval token="time.latest_epoch">if(isnum($form.time.latest$),$form.time.latest$,relative_time(now(),$form.time.latest$))+($operational_start_time$*3600)</eval> </finalized> </search> <fieldset autoRun="true" submitButton="false"> <input id="time" type="time" token="time" depends="$operational_start_time$, $operational_end_time$" searchWhenChanged="true"> <label>Time</label> <default> <earliest>-7d@h</earliest> <latest>now</latest> </default> <change> <eval token="time.earliest_epoch">if('earliest'="",0,if(isnum('earliest'),'earliest'+($operational_start_time$*3600),relative_time(now(),'earliest')))+($operational_start_time$*3600)</eval> <eval token="time.latest_epoch">if('earliest'="",0,if(isnum('earliest'),'earliest'+(86400)+($operational_start_time$*3600),relative_time(now(),'earliest')))+(86400)+($operational_start_time$*3600)</eval> </change> </input> </fieldset> <row> <panel> <title>Throughput</title> <chart id="throughput"> <search> <query>| savedsearch report_kpi_dashboard_throughput operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$throughput_min_value$,$throughput_max_range_threshold$,$throughput_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0x3FC77A","0xB44441"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Cases</center> </html> </panel> <panel> <title>Availability</title> <chart id="availability"> <search> <query>| savedsearch report_kpi_dashboard_availability operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$availability_min_value$,$availability_max_range_threshold$,$availability_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0xB44441","0x3FC77A"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Percentage</center> </html> </panel> <panel> <title>Completeness</title> <chart id="completeness"> <search> <query>| savedsearch report_kpi_dashboard_completeness operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$completeness_min_value$,$completeness_max_range_threshold$,$completeness_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0xB44441","0x3FC77A"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Percentage</center> </html> </panel> <panel> <title>On-Time</title> <chart id="on_time"> <search> <query>| savedsearch report_kpi_dashboard_on_time operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$on-time_min_value$,$on-time_max_range_threshold$,$on-time_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0xB44441","0x3FC77A"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Percentage</center> </html> </panel> <panel> <title>Lead Time</title> <chart id="lead_time"> <search> <finalized> <eval token="lead_time">now()</eval> </finalized> <query>| savedsearch report_kpi_dashboard_lead_time operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.majorUnit">1800</option> <option name="charting.chart.rangeValues">[$lead_time_min_value$,$lead_time_max_range_threshold$,$lead_time_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0x3FC77A","0xB44441"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Duration (hh:mm)</center> </html> </panel> </row> <row> <panel> <title>Utilization</title> <chart id="utilization"> <search> <query>| savedsearch report_kpi_dashboard_lfl_utilisation operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$utilization_min_value$,$utilization_max_range_threshold$,$utilization_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0xB44441","0x3FC77A"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Percentage</center> </html> </panel> <panel> <title>Partitioning</title> <chart id="partitioning"> <search> <query>| savedsearch report_kpi_dashboard_lfl_partitioning operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$partitioning_min_value$,$partitioning_max_range_threshold$,$partitioning_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0xB44441","0x3FC77A"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Percentage</center> </html> </panel> <panel> <title>Group Coherence</title> <chart id="group_coherence"> <search> <query>| savedsearch report_kpi_dashboard_lfl_group_coherence operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$group_coherence_min_value$,$group_coherence_max_range_threshold$,$group_coherence_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0xB44441","0x3FC77A"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Percentage</center> </html> </panel> <panel> <title>Productivity</title> <chart id="productivity"> <search> <query>| savedsearch report_kpi_dashboard_productivity operational_start_time=$operational_start_time$ operational_end_time=$operational_end_time$ earliest_epoch=$time.earliest_epoch$</query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <option name="charting.chart">radialGauge</option> <option name="charting.chart.rangeValues">[$productivity_min_value$,$productivity_max_range_threshold$,$productivity_max_value$]</option> <option name="charting.chart.showMinorTicks">1</option> <option name="charting.chart.style">minimal</option> <option name="charting.gaugeColors">["0xB44441","0x3FC77A"]</option> <option name="refresh.display">progressbar</option> </chart> <html> <center>Cases/Hour</center> </html> </panel> <panel></panel> </row> </form>    ... View more

hi @ITWhisperer Its hard for me to share complete events. FYI to you  Area, zone, equipment fields are coming from the index search while other fields are coming through lookups. ... View more

@tej57 Hi Tejas thanks for the answer  but I don't want chatgpt or any other AI promt answers. ... View more

Hi @gcusello  | datamodel Mmm_availability adapto_shuttle_alarm flat | lookup Alarm_list_adapto_details.csv ERROR_ID as ALARMID OUTPUTNEW DESCRIPTION Max_duration Min_duration OPERATIONAL TECHNICAL | rename Max_duration as MAX_DURATION Min_duration as MIN_DURATION DESCRIPTION as description ID as id | eval matchField = BLOCK."".SHUTTLEID | lookup mordc_topo modified_field as matchField OUTPUTNEW ID "Parent Description" as Name Asas as asas Weight as Weight modified_field as isc_id | table _time ID ALARMID description OPERATIONAL TECHNICAL Name Weight asas isc_id event_time MAX_DURATION MIN_DURATION state | append [ search index=mess sourcetype="EquipmentEventReport" "EquipmentEventReport.EquipmentEvent.Detail.State" IN("CAME_IN","WENT_OUT") | spath input=_raw path=EquipmentEventReport.EquipmentEvent.ID.Location.PhysicalLocation.AreaID output=area | spath input=_raw path=EquipmentEventReport.EquipmentEvent.ID.Location.PhysicalLocation.ZoneID output=zone | spath input=_raw path=EquipmentEventReport.EquipmentEvent.ID.Location.PhysicalLocation.EquipmentID output=equipment | search area=* | dedup _raw | lookup mordc_site_specific_scada_alarms.csv MsgNr as MsgNr OUTPUTNEW Alarmtext Functiongroup | eval zone=if(len(zone)==1,"0".zone,zone), equipment=if(len(equipment)==1,"0".equipment,equipment) | eval isc_id=area.".".zone.".".equipment | fields _time, isc_id, area, zone, equipment start_time element error error_status description event_time state MsgNr Alarmtext Functiongroup alarm_severity | fields - _raw, Alarmtext Functiongroup, MsgNr | lookup isc id AS isc_id OUTPUTNEW statistical_subject mark_code | eval statistical_subject = trim(statistical_subject) | lookup Alarm_list_details_scada_mordc.csv component_type_id AS statistical_subject OUTPUTNEW operational_rate technical_rate maximum_duration minimum_duration alarm_severity | search alarm_severity IN ("High", "Medium") | lookup mordc_topology.csv modified_field as isc_id OUTPUTNEW ID "Description" as Name Asas as asas Weight as Weight | rename operational_rate as OPERATIONAL technical_rate as TECHNICAL maximum_duration as MAX_DURATION minimum_duration as MIN_DURATION | table _time ID description OPERATIONAL TECHNICAL Name Weight asas isc_id event_time MAX_DURATION MIN_DURATION state Alarmtext Functiongroup] Giving below multi value field results. ... View more

@isoutamo I am using only time selector in the dashboard and code for the time selector as mentioned below. <input id="time" type="time" token="time" depends="$operational_start_time$, $operational_end_time$" searchWhenChanged="true"> <label>Time</label> <default> <earliest>-7d@h</earliest> <latest>now</latest> </default> <change> <eval token="time.earliest_epoch">if('earliest'="",0,if(isnum('earliest'),'earliest'+($operational_start_time$*3600),relative_time(now(),'earliest')))+($operational_start_time$*3600)</eval> <eval token="time.latest_epoch">if('earliest'="",0,if(isnum('earliest'),'earliest'+(86400)+($operational_start_time$*3600),relative_time(now(),'earliest')))+(86400)+($operational_start_time$*3600)</eval> </change> ... View more

@marycordova  Thank you for the valuable suggestion. The approach you've shared is indeed effective. However, in our current environment, implementing a user-based license model may not be feasible due to internal policy and stakeholder alignment constraints. We are exploring alternatives that align with our existing licensing agreements. ... View more