Archive
Highlighted

How to parametrize my search?

New Member

Hi,
Can we parametrize the splunk queries?

Here is the query and i want to parameterize the "-7".

index=xyz sourcetype=n1 earliest=-7d@d "abc p=save" " xm=POST"  |
  rex field=msg " tt=(?[0-9]+)" | 
  fields id, time |
  stats count (id) as COUNT
        perc50(time) as a
        perc90(time) as k
0 Karma
Highlighted

Re: How to parametrize my search?

Motivator

Yes we can by using the time picker and use its value in the query if this is in a dashboard or report.

Please see here for similar question
https://answers.splunk.com/answers/139043/can-we-add-a-time-range-picker-that-interacts-dynamically-...

Please see here docs on how to add a time picker to dashboard
http://docs.splunk.com/Documentation/Splunk/6.5.1/Viz/FormEditor#Add_a_time_input_to_a_form

For report, while saving the report, add a time picker option can be selected.

0 Karma
Highlighted

Re: How to parametrize my search?

New Member

Ok…let me be more specific…
I have created a report and calling this report by ODBC connection like

Select * from splunk_report1.

This report runs the above mentioned query and i want to pass the value for the "earliest" so i can change last 7 days to last 1 day if required.

0 Karma