Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to retrieve the number of hours from the earliest & latest of the input token selected during run time

sangs8788
Communicator
‎06-06-2019 03:48 AM

I have a Time input field in my dashboard. How do I retrieve the no of hours chosen by the user from the time input fields' earliest and latest.

Say the user select Last 4 hours. Then my span should be displayed as 4. Or if he selects timerange where the difference is 4.5 hours, I need to calculate the span as 4.5 hours from the earliest and latest of time input token.

Could someone help me out here.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-06-2019 04:51 AM

@sangs8788,

You can calculate timerange in hours with below query.

| stats count | addinfo | eval diff=round((info_max_time-info_min_time)/3600,1)

Here diff is time difference in hours.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-06-2019 05:04 AM

Hi @sangs8788,

The tokens for earliest and latest generated by the time picker are as follows (this is straight from the docs) :

If you have a form with panels that use different time pickers, use tokens for the time input to indicate the time picker to use for each panel. To access the earliest and latest values from a time picker, use the following modifiers to the token:

$timer_tok.earliest$
$timer_tok.latest$

A time input that does not define a token is global. The values selected from such a time picker applies to all visualizations that do not otherwise specify a time picker.

You can find more details and examples here :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/tokens#Time_input_example

Hope that helps.

0 Karma
Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-06-2019 04:51 AM

@sangs8788,

You can calculate timerange in hours with below query.

| stats count | addinfo | eval diff=round((info_max_time-info_min_time)/3600,1)

Here diff is time difference in hours.

0 Karma
Reply
Solved! Jump to solution

sangs8788
Communicator
‎06-06-2019 07:25 AM

Thanks this works. But curious. Lets say I am setting 

eval count_limit=diff*20 | search count >count_limit

When I add above part to the query, It doesnt result anything or doesnt consider the condition. What is it I am doing wrong in here ? Could you please help me out here

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-06-2019 07:29 AM

search command does not support >. Use where instead.

Reply
Solved! Jump to solution

sangs8788
Communicator
‎06-06-2019 07:38 AM

Thx. It works

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...