Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to dynamically set trendInterval option of a Single Value visualization equal to a Time input's range?

bschaap
Path Finder
‎08-06-2018 12:00 PM

Does anyone know how to dynamically set the trendInterval option of a Single Value visualization equal to a time interval specified in a Time input?

I believe I need to set the value equal to a token like below but am unsure how to set $mytoken$ equal to a time interval based on the range chosen in a Time input. However, I can't seem to get it to work.

<input type="time" token="tf">
  <change>
    <eval token="days">round(($tf.earliest$ - $tf.latest$)/86400,0)</eval>
  </change>
  <label></label>
  <default>
    <earliest>-4h@m</earliest>
    <latest>now</latest>
  </default>
</input>

...
&ltsingle&gt
...
&ltoption name="trendInterval"&gt$days$d&lt/option&gt
...
&lt/single&gt

Tags (1)
0 Karma
Reply

jtafese
New Member
‎05-12-2020 12:01 PM

The scenario you've described can be solved using this work around, if your dashboard is not too big. If the time for the trendInterval is from a finite set, then you can have different panels for each trendInterval, and toggle their appearance by the use of tokens that can be set and unset. For example, if the time intervals you are interested in are 24hr and 1week, you can do the following:

<input type="dropdown" token="time_span" searchWhenChanged="true">
  ...
  <choice value="24hr">24 Hour</choice>
  <choice value="1w">7 Days</choice>
  ...
  <change>
    <condition value="24hr">
      <unset token="1w_token"></unset>
      <set token="24hr_token"></set>
    </condition>
    <condition value="1w">
      <unset token="24hr_token"></unset>
      <set token="1w_token"></set>
    </condition>
  </change>
</input>

With that in place, you can use:

<panel depends="$24hr_token$, $other_tokens...$">
   ...
   <single>
    <option name="trendInterval">-24hr</option>
  </single>
  ...
</panel>

And similarly for the 7 day time interval.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...