Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Display condition based result in dashboard (time comparison)

nilanjankc
New Member
‎07-02-2019 02:07 AM

Hi
I am New to Splunk
I have created one dashboard like below
ProcessName LastUpdated
ProcessA 2019-05-16 14:42:21.12
ProcessB 2019-05-16 14:50:21.12
ProcessC 2019-05-16 14:55:21.12

But now I have to show only those data/results where the difference between EventTimeand LastUpdated is greater than 10 minutes
I have written a search
*index=test source=testSource | table ProcessName LastUpdated |eval diff = _time - strptime(LastUpdated, "%Y-%m-%d %H:%M:%S")| where diff >= 600 *

But I am getting empty result/No reslut though there are some records which fulfills my criteria.

can anyone help ..

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-02-2019 02:42 AM

@nilanjankc ,

You dont have the _time in your final result because your are restricting the fields to ProcessName , LastUpdated by using the table command. Include _time as well in the table and you should be fine.

Also worth to check the time format and include microseconds if its needed

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-02-2019 02:42 AM

@nilanjankc ,

You dont have the _time in your final result because your are restricting the fields to ProcessName , LastUpdated by using the table command. Include _time as well in the table and you should be fine.

Also worth to check the time format and include microseconds if its needed

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

nilanjankc
New Member
‎07-02-2019 03:39 AM

Thank you for your help,its working now

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...