Dashboards & Visualizations

How to retrieve the number of hours from the earliest & latest of the input token selected during run time

sangs8788
Communicator

I have a Time input field in my dashboard. How do I retrieve the no of hours chosen by the user from the time input fields' earliest and latest.

Say the user select Last 4 hours. Then my span should be displayed as 4. Or if he selects timerange where the difference is 4.5 hours, I need to calculate the span as 4.5 hours from the earliest and latest of time input token.

Could someone help me out here.

0 Karma
1 Solution

VatsalJagani
SplunkTrust
SplunkTrust

@sangs8788,

You can calculate timerange in hours with below query.

| stats count | addinfo | eval diff=round((info_max_time-info_min_time)/3600,1)

Here diff is time difference in hours.

View solution in original post

0 Karma

DavidHourani
Super Champion

Hi @sangs8788,

The tokens for earliest and latest generated by the time picker are as follows (this is straight from the docs) :

If you have a form with panels that use different time pickers, use tokens for the time input to indicate the time picker to use for each panel. To access the earliest and latest values from a time picker, use the following modifiers to the token:

$timer_tok.earliest$
$timer_tok.latest$

A time input that does not define a token is global. The values selected from such a time picker applies to all visualizations that do not otherwise specify a time picker.

You can find more details and examples here :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Viz/tokens#Time_input_example

Hope that helps.

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

@sangs8788,

You can calculate timerange in hours with below query.

| stats count | addinfo | eval diff=round((info_max_time-info_min_time)/3600,1)

Here diff is time difference in hours.

0 Karma

sangs8788
Communicator

Thanks this works. But curious. Lets say I am setting

eval count_limit=diff*20 | search count >count_limit

When I add above part to the query, It doesnt result anything or doesnt consider the condition. What is it I am doing wrong in here ? Could you please help me out here

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

search command does not support >. Use where instead.

sangs8788
Communicator

Thx. It works

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...