Solved: Re: How to create dynamic label based on time inpu...

pgates · ‎02-01-2023

I have a simple form that has a global search to set up the initial values of a time input. With that global search, I also set a token for a label on my form.

I'd like to update that label when a new value is chosen from the time input, but I cannot get it to work.

Here is a full simple example to show what I mean. If I change the time picker, I'd expect the label to be updated to reflect that change.

<form hideFilters="false">
  <search id="starttimesearch">
    <query>
     | makeresults 
     | eval startHours=relative_time(now(), "@h-36h")
     | eval startTimeStr=strftime(startHours, "%B %d, %Y %H:%M")
   </query>
    <done>
      <set token="form.timeRange.earliest">$result.startHours$</set>
      <set token="form.timeRange.latest">now</set>
      <set token="time_label">Since $result.startTimeStr$</set>
    </done>
  </search>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="timeRange" searchWhenChanged="true">
      <label>Time</label>
      <default>
      </default>
      <change>
        <set token="time_change_start">strftime($timeRange.earliest$", "%B %d/%Y %H:%M")</set>
        <set token="time_change_end">strftime($timeRange.latest$", "%B %d/%Y %H:%M")</set>
        <eval token="time_label">case($timeRange.latest$ == now(), "Since $time_change_start$", 1==1, "From $time_change_start$ to %time_change_end$)</eval>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <html>
        The time label is $time_label$
      </html>
    </panel>
  </row>
</form>

bowesmana · ‎02-01-2023

There are a number of small problems with the token handling, but the principle will not work in general as time input picker values do not get evaluated to their epoch times until the search runs, so your test for $timeRange.latest$=now() will never work, as the token has the string value of "now".

Also, these issues

<set token="time_change_start">strftime($timeRange.earliest$", "%B %d/%Y %H:%M")</set>
<set token="time_change_end">strftime($timeRange.latest$", "%B %d/%Y %H:%M")</set>
<eval token="time_label">case($timeRange.latest$ == now(), "Since $time_change_start$", 1==1, "From $time_change_start$ to %time_change_end$)</eval>

The first two could more easily be <eval> anyway rather than set, but you also have a trailing quote " after the token.

The last eval has a % before time_change_end, not a $, so that's breaking the eval. Also, as mentioned above, you cannot compare to now().

See this example of using a global search based on the time picker and then addinfo + <done> to set tokens.

<form hideFilters="false">
  <search id="starttimesearch">
    <query>
     | makeresults 
     | eval startHours=relative_time(now(), "@h-36h")
     | eval startTimeStr=strftime(startHours, "%B %d, %Y %H:%M")
   </query>
    <done>
      <set token="form.timeRange.earliest">$result.startHours$</set>
      <set token="form.timeRange.latest">now</set>
      <set token="time_label">Since $result.startTimeStr$</set>
    </done>
  </search>
  <search>
    <query>
| makeresults
| addinfo
| eval startTimeStr=strftime(info_min_time, "%B %d, %Y %H:%M")
| eval endTimeStr=strftime(info_max_time, "%B %d, %Y %H:%M")
    </query>
    <done>
      <set token="time_label">From $result.startTimeStr$ to $result.endTimeStr$</set>
    </done>
    <earliest>$timeRange.earliest$</earliest>
    <latest>$timeRange.latest$</latest>
  </search>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="timeRange" searchWhenChanged="true">
      <label>Time</label>
      <default>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <html/>
    </panel>
    <panel>
      <html>
        The time label is $time_label$<p/>
      </html>
    </panel>
  </row>
</form>

View solution in original post

bowesmana · ‎02-01-2023

There are a number of small problems with the token handling, but the principle will not work in general as time input picker values do not get evaluated to their epoch times until the search runs, so your test for $timeRange.latest$=now() will never work, as the token has the string value of "now".

Also, these issues

<set token="time_change_start">strftime($timeRange.earliest$", "%B %d/%Y %H:%M")</set>
<set token="time_change_end">strftime($timeRange.latest$", "%B %d/%Y %H:%M")</set>
<eval token="time_label">case($timeRange.latest$ == now(), "Since $time_change_start$", 1==1, "From $time_change_start$ to %time_change_end$)</eval>

The first two could more easily be <eval> anyway rather than set, but you also have a trailing quote " after the token.

The last eval has a % before time_change_end, not a $, so that's breaking the eval. Also, as mentioned above, you cannot compare to now().

See this example of using a global search based on the time picker and then addinfo + <done> to set tokens.

<form hideFilters="false">
  <search id="starttimesearch">
    <query>
     | makeresults 
     | eval startHours=relative_time(now(), "@h-36h")
     | eval startTimeStr=strftime(startHours, "%B %d, %Y %H:%M")
   </query>
    <done>
      <set token="form.timeRange.earliest">$result.startHours$</set>
      <set token="form.timeRange.latest">now</set>
      <set token="time_label">Since $result.startTimeStr$</set>
    </done>
  </search>
  <search>
    <query>
| makeresults
| addinfo
| eval startTimeStr=strftime(info_min_time, "%B %d, %Y %H:%M")
| eval endTimeStr=strftime(info_max_time, "%B %d, %Y %H:%M")
    </query>
    <done>
      <set token="time_label">From $result.startTimeStr$ to $result.endTimeStr$</set>
    </done>
    <earliest>$timeRange.earliest$</earliest>
    <latest>$timeRange.latest$</latest>
  </search>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="timeRange" searchWhenChanged="true">
      <label>Time</label>
      <default>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <html/>
    </panel>
    <panel>
      <html>
        The time label is $time_label$<p/>
      </html>
    </panel>
  </row>
</form>

pgates · ‎02-06-2023

Awesome - was unaware of addinfo.

How to create dynamic label based on time input change?

form

token

Splunk AppDynamics Agents Webinar Series

SplunkTrust Application Period is Officially OPEN!

Splunk Answers Content Calendar, June Edition II

Are you a member of the Splunk Community?