How can we pass time from a search to time picker and all other panels?

splunker9999
Path Finder

Hi,

We have 2 inputs:

  1. The 1st input has some base search and it gives some time value (consider peak time).
    Ex: time value is 03/21/2016 09:00:00

  2. The 2nd input is a time picker. We need to pass the peak time on to the time picker as the earliest time, and the latest time should be 1 min greater than the earliest time.
    Ex: earliesttime = 03/21/2016 09:00:00 and latesttime = earliesttime + 1min (03/21/2016 09:01:00)

  3. All dashboard panels will take the 2nd input as the time value.

Can someone please help us with this customization?

Thanks

0 Karma

maciep
Champion

Something like this maybe?

<form>
  <label>Playing Around</label>
  <fieldset submitButton="true">
    <input type="dropdown" token="t_use_time" searchWhenChanged="true">
      <label>Found Time</label>
      <fieldForLabel>show_time</fieldForLabel>
      <fieldForValue>use_time</fieldForValue>
      <selectFirstChoice>true</selectFirstChoice>
      <search>
        <query>| tstats latest(_time) as last where index=_internal 
| eval use_time = relative_time(last,"-4h")
| eval show_time = strftime(use_time,"%D %H:%M:%S")</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <change>
        <eval token="form.t_time.earliest">$value$</eval>
        <eval token="form.t_time.latest">relative_time($value$,"+1m")</eval>
      </change>
    </input>
    <input type="time" token="t_time" searchWhenChanged="true" depends="my_earliest">
      <label>Choose Time:</label>
      <default>
        <earliest>-1h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>Test</title>
        <search>
          <query>|  tstats count where index=_internal by sourcetype</query>
          <earliest>$t_time.earliest$</earliest>
          <latest>$t_time.latest$</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

The dropdown is a simple search to get a "peak" time. When that dropdown changes, it sets the earliest/latest values of the timepicker accordingly - earliest is the value of the dropdown, latest is the value in the dropdown + 1 minute. Then the panel uses the timepicker's earliest/latest values.

0 Karma