Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to display date range from the time range dropdown selector in Dashboard Studio?

LearningGuy
Builder
‎01-31-2024 02:49 PM

Hello,
How to display date range from the time range dropdown selector in the Dashboard Studio?
Thank you for your help
I am currently using Visualization Type " Table" and create data configuration with the following search:
info_min_time & info_max_time gave me duplicate data for each row and I had to use dedup

Is this a proper way to do it?
Is there a way to use the time token ($timetoken.earliest$ or $timetoken.latest$) from the time range dropdown selector in the search from data configuration (not in XML)

index=test
| addinfo
| eval info_min_time="From: ". strftime(info_min_time,"%b %d %Y %H:%M:%S")
| eval info_max_time="To: ". strftime(info_max_time,"%b %d %Y %H:%M:%S")
| dedup info_min_time, info_max_time
| table info_min_time, info_max_time

 

Labels (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-01-2024 02:02 AM 
{
	"visualizations": {
		"viz_1putkd4H": {
			"type": "splunk.table",
			"options": {},
			"dataSources": {
				"primary": "ds_P8DuhImO"
			}
		}
	},
	"dataSources": {
		"ds_P8DuhImO": {
			"type": "ds.search",
			"options": {
				"query": "| makeresults\n| fields - _time\n| addinfo\n| rename info_min_time as earliest\n| rename info_max_time as latest\n| fieldformat earliest=strftime(earliest,\"%F %T\")\n| fieldformat latest=strftime(latest,\"%F %T\")\n| table earliest latest"
			},
			"name": "time_selected"
		}
	},
	"defaults": {
		"dataSources": {
			"ds.search": {
				"options": {
					"queryParameters": {
						"latest": "$global_time.latest$",
						"earliest": "$global_time.earliest$"
					}
				}
			}
		}
	},
	"inputs": {
		"input_global_trp": {
			"type": "input.timerange",
			"options": {
				"token": "global_time",
				"defaultValue": "-24h@h,now"
			},
			"title": "Global Time Range"
		}
	},
	"layout": {
		"type": "absolute",
		"options": {
			"display": "auto-scale",
			"height": 1200
		},
		"structure": [
			{
				"item": "viz_1putkd4H",
				"type": "block",
				"position": {
					"x": 0,
					"y": 0,
					"w": 1200,
					"h": 90
				}
			}
		],
		"globalInputs": [
			"input_global_trp"
		]
	},
	"description": "",
	"title": "studio times"
}

View solution in original post

Reply
Solved! Jump to solution

LearningGuy
Builder
‎02-01-2024 01:44 PM

Hello,

I changed the code to below to show "From and To" in the sample report below
1) Is there a way to change "From" and "To" as Bold font, and leave the rest as regular font
2) Is it possible to just put the time token ($time.earliest) literally next to From in the dashboard? 
3) Does addinfo obtain the data from makeresult, so I don't need to use index and have multiple rows of info_min_time?
Thank you for your help

| makeresults
| fields - _time
| addinfo
| rename info_min_time as earliest
| rename info_max_time as latest
| fieldformat earliest="From: " . strftime(earliest,"%b %d %Y %H:%M:%S")
| fieldformat latest="To: ". strftime(latest,"%b %d %Y %H:%M:%S")
| table earliest latest


LearningGuy_0-1706823438940.png

{
	"visualizations": {
		"viz_1putkd4H": {
			"type": "splunk.table",
			"options": {
				"headerVisibility": "none",
				"backgroundColor": "transparent",
				"tableFormat": {
					"rowBackgroundColors": "> table | seriesByIndex(0) | pick(tableAltRowBackgroundColorsByBackgroundColor)",
					"headerBackgroundColor": "> backgroundColor | setColorChannel(tableHeaderBackgroundColorConfig)",
					"rowColors": "> rowBackgroundColors | maxContrast(tableRowColorMaxContrast)",
					"headerColor": "> headerBackgroundColor | maxContrast(tableRowColorMaxContrast)"
				}
			},
			"dataSources": {
				"primary": "ds_P8DuhImO"
			}
		},
		"viz_JKbWkEG0": {
			"type": "splunk.markdown",
			"options": {
				"markdown": ""
			}
		},
		"viz_c9htuqvf": {
			"type": "splunk.markdown",
			"options": {
				"markdown": "# Sample Report"
			}
		},
		"viz_lxib04FT": {
			"type": "splunk.rectangle"
		},
		"viz_Ba02NPRN": {
			"type": "splunk.rectangle",
			"options": {
				"fillColor": "#ffffff"
			}
		}
	},
	"dataSources": {
		"ds_P8DuhImO": {
			"type": "ds.search",
			"options": {
				"query": "| makeresults\n| fields - _time\n| addinfo\n| rename info_min_time as earliest\n| rename info_max_time as latest\n| fieldformat earliest=\"From: \" . strftime(earliest,\"%b %d %Y %H:%M:%S\")\n| fieldformat latest=\"To: \". strftime(latest,\"%b %d %Y %H:%M:%S\")\n| table earliest latest"
			},
			"name": "time_selected"
		}
	},
	"defaults": {
		"dataSources": {
			"ds.search": {
				"options": {
					"queryParameters": {
						"latest": "$global_time.latest$",
						"earliest": "$global_time.earliest$"
					}
				}
			}
		}
	},
	"inputs": {
		"input_global_trp": {
			"type": "input.timerange",
			"options": {
				"token": "global_time",
				"defaultValue": "-24h@h,now"
			},
			"title": "Global Time Range"
		}
	},
	"layout": {
		"type": "absolute",
		"options": {
			"display": "auto-scale",
			"height": 1200
		},
		"structure": [
			{
				"item": "viz_JKbWkEG0",
				"type": "block",
				"position": {
					"x": 170,
					"y": 110,
					"w": 300,
					"h": 300
				}
			},
			{
				"item": "viz_lxib04FT",
				"type": "block",
				"position": {
					"x": 10,
					"y": 0,
					"w": 1190,
					"h": 70
				}
			},
			{
				"item": "viz_c9htuqvf",
				"type": "block",
				"position": {
					"x": 520,
					"y": 20,
					"w": 290,
					"h": 50
				}
			},
			{
				"item": "viz_Ba02NPRN",
				"type": "block",
				"position": {
					"x": 10,
					"y": 70,
					"w": 1190,
					"h": 40
				}
			},
			{
				"item": "viz_1putkd4H",
				"type": "block",
				"position": {
					"x": 320,
					"y": 70,
					"w": 620,
					"h": 60
				}
			}
		],
		"globalInputs": [
			"input_global_trp"
		]
	},
	"description": "",
	"title": "studio times"
}

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-01-2024 02:40 PM

Using addinfo gets the time from the time-picker i.e. the global time-picker in this instance, as a epoch time rather than what was selected, for example, if you chose last 5 minutes, the token would have "now" as the value for $global.latest$ rather than the epoch time equivalent for the current time.

If you want to use bold and other decorations, you might consider markup panels. and you might be able to use token values here.

Reply
Solved! Jump to solution

LearningGuy
Builder
‎02-02-2024 08:42 AM

Hello,
Is using makeresult same as using index, if my goal is only to obtain info_min_time and info_max_time from addinfo?

If I only use | addinfo without makeresults, why did it gave me a lot of results?
Thank you so much

LearningGuy_0-1706892387909.png

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-02-2024 10:22 AM

addinfo adds the info_* fields to all the events in the event pipeline i.e. what ever is returned by your index search. makeresults (by default) created a single event. This can be changed with the count parameter, e.g. makeresults count=10

Reply
Solved! Jump to solution

LearningGuy
Builder
‎02-05-2024 09:56 AM


Thanks @ITWhisperer 
Using makeresult to pull the time is much faster than index since it only pulls a single event

Is it possible to change the font type (bold), color and background in Visualization Type "Table"?

Thanks again!!


0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-06-2024 01:02 AM

This is a different question - try searching answers for a relevant topic

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎02-01-2024 02:02 AM 
{
	"visualizations": {
		"viz_1putkd4H": {
			"type": "splunk.table",
			"options": {},
			"dataSources": {
				"primary": "ds_P8DuhImO"
			}
		}
	},
	"dataSources": {
		"ds_P8DuhImO": {
			"type": "ds.search",
			"options": {
				"query": "| makeresults\n| fields - _time\n| addinfo\n| rename info_min_time as earliest\n| rename info_max_time as latest\n| fieldformat earliest=strftime(earliest,\"%F %T\")\n| fieldformat latest=strftime(latest,\"%F %T\")\n| table earliest latest"
			},
			"name": "time_selected"
		}
	},
	"defaults": {
		"dataSources": {
			"ds.search": {
				"options": {
					"queryParameters": {
						"latest": "$global_time.latest$",
						"earliest": "$global_time.earliest$"
					}
				}
			}
		}
	},
	"inputs": {
		"input_global_trp": {
			"type": "input.timerange",
			"options": {
				"token": "global_time",
				"defaultValue": "-24h@h,now"
			},
			"title": "Global Time Range"
		}
	},
	"layout": {
		"type": "absolute",
		"options": {
			"display": "auto-scale",
			"height": 1200
		},
		"structure": [
			{
				"item": "viz_1putkd4H",
				"type": "block",
				"position": {
					"x": 0,
					"y": 0,
					"w": 1200,
					"h": 90
				}
			}
		],
		"globalInputs": [
			"input_global_trp"
		]
	},
	"description": "",
	"title": "studio times"
}
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...