Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can the field be displayed dynamically in splunk?

flzhang132
Explorer
‎08-20-2018 09:06 AM

I want to show the data in the last few months.
For example, in the combox, when choosing the last a month, there is only one field in the table.
When choosing the last two months, there are two fields in the same table.
When choosing the last three months, there are three fields in the same table. And so on
alt text
Can the field be displayed dynamically in splunk?

Tags (1)
Preview file
1 KB
0 Karma
Reply

niketn
Legend
‎08-20-2018 09:45 AM

@flzhang132, it would be tough to assist without existing data and query you are trying to run. However, please try the following run anywhere example based on Splunk's _internal index:

<form>
  <label>Time Range Based on Dropdown</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="tokTime" searchWhenChanged="true">
      <label>Select Time</label>
      <choice value="earliest=-1mon@mon latest=now">Last 1 Month</choice>
      <choice value="earliest=-2mon@mon latest=now">Last 2 Months</choice>
      <choice value="earliest=-3mon@mon latest=now">Last 3 Months</choice>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=_internal sourcetype=splunkd log_level!=INFO $tokTime$
| bin _time span=1mon
| stats count by _time log_level
| eval Time=strftime(_time,"%Y%m")
| chart sum(count) by log_level Time</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">20</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...