Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to count all created_date and closed_date that lies within specified time picker range?

Nic
Engager
‎07-27-2022 02:26 AM

Hi all,

I'm new to Dashboard Studio and I'm running into an issue. I have two dates in my dataset: a created_date and a closed_date. I want to count all created_date that lies in the specified time picker range, and I want to do the same for closed_date.

Splunk automatically creates tokens, $global_time.earliest$ and $global_time.latest$. I tried to compare using these tokens, but this doesn't work:

| eval earliest = $global_time.earliest$
| eval latest = $global_time.latest$
| eval epochcreated_date =strptime(created_date, "%Y-%m-%dT%H:%M:%S.%3N%z")
| where epochcreated_date>= earliest AND epochcreated_date<= latest

I hope someone here can point me in the right direction. Thanks in advance.

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-27-2022 02:39 AM

You could try using the times that the search is actually using - these are provided by the addinfo command

| addinfo
| eval epochcreated_date =strptime(created_date, "%Y-%m-%dT%H:%M:%S.%3N%z")
| where epochcreated_date>= info_min_time AND epochcreated_date<= info_max_time

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-27-2022 02:39 AM

You could try using the times that the search is actually using - these are provided by the addinfo command

| addinfo
| eval epochcreated_date =strptime(created_date, "%Y-%m-%dT%H:%M:%S.%3N%z")
| where epochcreated_date>= info_min_time AND epochcreated_date<= info_max_time
0 Karma
Reply
Solved! Jump to solution

Nic
Engager
‎07-27-2022 03:44 AM

Thank you so much!!! This is exactly what I needed, awesome!

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...