Dashboards & Visualizations

How to automatically set earliest and latest to the panels when the dashboard loads?

Path Finder


I have a dashboard which contains couple of panels and it receives events once in a month for a year calendar.
I have specific dates for each months.
Let's say for the current month it has events on 10-02-2020 and earliest is "02/10/2020:00:00:00 and latest is "02/10/2020:24:00:00", In the next month it will be on 20-03-2020, In such a way every month it has events on a specific day.
When I load the dashboard the earliest and latest values should be set for the current month on the day when events arrived. When the next month(March) events arrives the earliest and latest should be set as earliest = "03/20/2020:00:00:00 and latest is "03/20/2020:24:00:00".
The earliest and latest values should not change until next month date is matched.

0 Karma


Maybe not exactly what you are after, how about you have the panels to search for the last let's say 33 days and then restrict your search this way

    YOUR_SEARCH | eval report_month = lower(strftime(now(),"%B")), report_day = 20 | where date_month = report_month AND date_mday = report_day

Assuming your initial search has events with this index/source/sourcetype only on the one day it shouldn't take too long to run

0 Karma


Have not come across such a feature in Splunk.
What you can do is create a Global time filter for the Dashboard and pass the token to each panel. You will need to update and save the global time token on a monthly basis to set the time range as required.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!