Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Add a filter on time field in a dashboard (to search a specific day)

kvnpichon
Path Finder
‎07-27-2020 06:09 AM

Hello Splunkers,

I have created a dashboard about the number of events indexed per day (history).

This what it looks like :

history_indexing_dashboard.png

 

 

 

 

 

My question is, how can I create a select/search field to be able to specify a date (format : YYYY-MM-DD) and display the number of events for this specific date  ?

For example I specify the "2020-07-26" date in the search field  and the dashboard must displays the only line with the date and the number of events at this date (Number of Events = 107119 in the example).

Hope you can help me,

Regards

Labels (3)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

kvnpichon
Path Finder
‎07-28-2020 12:51 AM

Hello,

I found a solution to my issue :

I used a time range picker and used the $time$ token.

In the source code of my dashboard (xml) I added 2 lines just after the query  :

<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>

So, now its looks like :

kvnpichon_0-1595922643868.png

Thanks for reply.

View solution in original post

Reply
Solved! Jump to solution

spitchika
Path Finder
‎07-27-2020 08:24 AM

1# Best way is, populate all your _time into Dropdown input and select from there. You can just include dropdown and in search string you can give a query to populate dates (I think you already have that query based on your screenshot)

2# in case your dates are too many then its difficult to select from drop down, in that case you can go with "Textbox" input type, It will act as variable in programming language :).

0 Karma
Reply
Solved! Jump to solution

spitchika
Path Finder
‎07-27-2020 08:27 AM

In both these cases you need to use input field token in your query like $Token$ to use it as variable.

Reply
Solved! Jump to solution
Solution

kvnpichon
Path Finder
‎07-28-2020 12:51 AM

Hello,

I found a solution to my issue :

I used a time range picker and used the $time$ token.

In the source code of my dashboard (xml) I added 2 lines just after the query  :

<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>

So, now its looks like :

kvnpichon_0-1595922643868.png

Thanks for reply.

Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...