Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to retrieve the number of hours from the earliest & latest of the input token selected during run time

sangs8788
Communicator
‎06-06-2019 03:48 AM

I have a Time input field in my dashboard. How do I retrieve the no of hours chosen by the user from the time input fields' earliest and latest.

Say the user select Last 4 hours. Then my span should be displayed as 4. Or if he selects timerange where the difference is 4.5 hours, I need to calculate the span as 4.5 hours from the earliest and latest of time input token.

Could someone help me out here.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-06-2019 04:51 AM

@sangs8788,

You can calculate timerange in hours with below query.

| stats count | addinfo | eval diff=round((info_max_time-info_min_time)/3600,1)

Here diff is time difference in hours.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-06-2019 05:04 AM

Hi @sangs8788,

The tokens for earliest and latest generated by the time picker are as follows (this is straight from the docs) :

If you have a form with panels that use different time pickers, use tokens for the time input to indicate the time picker to use for each panel. To access the earliest and latest values from a time picker, use the following modifiers to the token:

$timer_tok.earliest$
$timer_tok.latest$

A time input that does not define a token is global. The values selected from such a time picker applies to all visualizations that do not otherwise specify a time picker.

You can find more details and examples here :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/tokens#Time_input_example

Hope that helps.

0 Karma
Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-06-2019 04:51 AM

@sangs8788,

You can calculate timerange in hours with below query.

| stats count | addinfo | eval diff=round((info_max_time-info_min_time)/3600,1)

Here diff is time difference in hours.

0 Karma
Reply
Solved! Jump to solution

sangs8788
Communicator
‎06-06-2019 07:25 AM

Thanks this works. But curious. Lets say I am setting 

eval count_limit=diff*20 | search count >count_limit

When I add above part to the query, It doesnt result anything or doesnt consider the condition. What is it I am doing wrong in here ? Could you please help me out here

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-06-2019 07:29 AM

search command does not support >. Use where instead.

Reply
Solved! Jump to solution

sangs8788
Communicator
‎06-06-2019 07:38 AM

Thx. It works

0 Karma
Reply
Get Updates on the Splunk Community!

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...