Solved: Re: How to run searches using different time range...

dzyfer · ‎08-28-2022

Hi, I would like to know how to run searches using different time ranges in dropdown.

For example, an input in the dropdown would be labelled "Yesterday", and I would like to assign 2 different time ranges to the same label, such that I can run 2 different searches using the separate time ranges by just selecting one input from the dropdown.

I have tried defining 4 tokens under the same label, but it doesn't work, ie.

<choice value="yesterday">Yesterday</choice>
 <condition label="Yesterday">
  <set token="custom_earliest">-8d@d+7h</set>
  <set token="custom_latest">@d+7h</set>
  <set token="breakdown_earliest">-1d@d+7h</set>
  <set token="breakdown_latest">@d+7h</set>
</condition>

Thanks

chaker · ‎08-28-2022

A few things to try:

Print out the tokens in a panel to make sure they are being set to the value you expect. You may need to use dot notation, so what ever the token name of your input is.

my_date.custom_earliest
my_date.custom_latest

Try wrapping the time modifer in quotes

Try matching condition value instead of label. Should be the same, but worth a try.

View solution in original post

chaker · ‎08-28-2022

A few things to try:

Print out the tokens in a panel to make sure they are being set to the value you expect. You may need to use dot notation, so what ever the token name of your input is.

my_date.custom_earliest
my_date.custom_latest

Try wrapping the time modifer in quotes

Try matching condition value instead of label. Should be the same, but worth a try.

How to run searches using different time ranges in dropdown?

drilldown

form

simple XML

token

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation