Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you deploy year wise filter in the splunk dashboard?

shailesh069
Engager
‎04-24-2019 02:52 AM

I get the string and match the string but it has to go through all the database , so getting performance issue

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎04-24-2019 08:03 AM

@shailesh069 can you share your current search, so we can help you improve it?

Should be as simple as: earliest="1/1/2018:00:00:00" latest="1/1/2019:00:00:00" to get all events from 2018.

Edit: for integrating that in a dashboard with a dropdown: Define a dropdown with the desired selection of years as names and the respective earliest/latest filters as values. Assign a token and use that token in your dashboard's search query.

View solution in original post

Reply
Solved! Jump to solution

shailesh069
Engager
‎04-24-2019 09:39 PM

@FrankVl But this " earliest="1/1/2018:00:00:00" latest="1/1/2019:00:00:00" " is hardcoded. I want a dropdown in the dashoard , in which if I select "2019" is in dropdown then it should filter the data in the dashboard according to that year. How can we do it.

What I did is I created a dropdown with the "2019", "2018", "2017" after that when user click it, I am doing my filter. So this way it has to see whole events to extract. But what I wan to do is when user clicks the "2019" the events restricted itself to the "2019" events

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-25-2019 12:11 AM

Then define a dropdown with those years as names and the respective earliest/latest filters as values. Assign a token and use that token in your dashboard's search query.

0 Karma
Reply
Solved! Jump to solution

shailesh069
Engager
‎04-25-2019 12:48 AM

@FrankVl Thanks a lot , I got it. I will try this.

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-25-2019 02:11 AM

Good luck. I changed my earlier comment to an answer and added this part as well. If it works for you, please mark that answer as accepted 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎04-24-2019 08:03 AM

@shailesh069 can you share your current search, so we can help you improve it?

Should be as simple as: earliest="1/1/2018:00:00:00" latest="1/1/2019:00:00:00" to get all events from 2018.

Edit: for integrating that in a dashboard with a dropdown: Define a dropdown with the desired selection of years as names and the respective earliest/latest filters as values. Assign a token and use that token in your dashboard's search query.

Reply
Solved! Jump to solution

p_gurav
Champion
‎04-24-2019 07:16 AM

Did you try using splunk internal field called date_year?

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-24-2019 08:01 AM

That is dangerous as it will only be available when splunk parses the time from the event content. If you have data sources where you use "current time" for the timestamp, it will not have those date_ fields. Also, those field can be disabled (for performance reasons).

0 Karma
Reply
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Announcing the General Availability of Splunk Enterprise Security 8.1!

We are pleased to announce the general availability of Splunk Enterprise Security 8.1. Splunk becomes the only ...

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...
Top