Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to display time in panel?

stwong
Communicator
‎07-29-2020 03:58 AM

Hello,

I'm writing a simple dashboard with a time picker and some panels.

I try to display the from/to time selected by user in panel header.

It works if user select Date/Time range, but for relative time period (e.g. last 1 day, last 15 minutes), the earliest and latest time are non-numeric values like -d@d, now, etc.

Possible to get the search start/end time for relative time period cases?

Thanks a lot.

Regards

/ST Wong

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎07-30-2020 02:45 AM

Hi

On answer

https://community.splunk.com/t5/Archive/Running-one-of-two-searches-based-on-time-picker-selection/t...

has said

Step 1) Run a dummy search (only use | makeresults to ensure actual index search is not performed) with the time tokens (assuming time picker field name is tokTime) as $tokTime.earliest$ and $tokTime.latest$.

Step 2) Code the Search Event Handler (in the example I have used <done>, <progress> can also be used. These Search Event Handlers can access default search time tokens i.e. $job.earliestTime$ and $job.latestTime$. But in String time format not epoch.

View solution in original post

Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎07-29-2020 04:14 AM

Hi

Is this what you are looking for?

https://community.splunk.com/t5/Dashboards-Visualizations/What-s-the-Token-name-for-the-Time-Picker-...

r. Ismo

Reply
Solved! Jump to solution

stwong
Communicator
‎07-29-2020 06:17 PM

Hi,

Thanks.  I tried simple code like following but unable to get values in $job.earliestTime$ and $job.latestTime$.   Did i miss anything?

Thanks a lot.

<panel>
<single>
  <title>Total access for department $d_name$ between $job.earliestTime$  and 
 $job.latestTime$ </title>
  <search>
  <query>

[snipped]

 

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎07-30-2020 02:45 AM

Hi

On answer

https://community.splunk.com/t5/Archive/Running-one-of-two-searches-based-on-time-picker-selection/t...

has said

Step 1) Run a dummy search (only use | makeresults to ensure actual index search is not performed) with the time tokens (assuming time picker field name is tokTime) as $tokTime.earliest$ and $tokTime.latest$.

Step 2) Code the Search Event Handler (in the example I have used <done>, <progress> can also be used. These Search Event Handlers can access default search time tokens i.e. $job.earliestTime$ and $job.latestTime$. But in String time format not epoch.

Reply
Solved! Jump to solution

stwong
Communicator
‎07-30-2020 03:04 AM

Hi, thanks for your help.  It works when using with <done>.   

 

Rgds

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...