Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to show earliest and latest time on dashboard panel title which is same as time select?

vrmandadi
Builder
‎05-24-2022 01:19 PM

I want to show the time range of that panel that a dashboard has ran from the time select drop -down.For instance , if I select last 90 mins  at 1PM from time select the dashboard panel should show the time like  earliest_time= 11:30:00 AM to Latest_Time:13:00:00 .

 

I tried using            $field2.earliest$ To Latest_Time: $field2.latest$ but the output is showing as below

 Earliest_Time: -90m@m To Latest_Time: now

 

 

Thanks in Advance

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-24-2022 01:39 PM

It's not clear where in the dashboard the tokens are used, but you may be able to use strftime() and relative_time() to convert tokens to better text.

 

eval start=strftime(relative_time(now(),$field2.earliest|s$), "%c"), 
eval end=strftime(relative_time(now(),$field2.latest|s$), "%c")

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-31-2022 11:19 PM

Hi @vrmandadi,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-24-2022 11:33 PM

Hi @vrmandadi,

you could use addinfo command to extract the time borders of your search and then display them in a search, somethinh like this:

| makeresults 
| addinfo
| eval info_min_time=strftime(info_min_time,"%Y-%m-%d %H:%M:%S"), info_max_time=strftime(info_max_time,"%Y-%m-%d %H:%M:%S")
| table info_min_time info_max_time

and then display one value in a Single Value Panel.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-24-2022 01:39 PM

It's not clear where in the dashboard the tokens are used, but you may be able to use strftime() and relative_time() to convert tokens to better text.

 

eval start=strftime(relative_time(now(),$field2.earliest|s$), "%c"), 
eval end=strftime(relative_time(now(),$field2.latest|s$), "%c")

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

vrmandadi
Builder
‎05-24-2022 05:59 PM

Sorry for not explaining correctly ..I want the time to be displayed on the  panel title of a dashboard.It should show the earliest and latest time of the time select which was selected from dropdown.

Assuming if the time is 1 PM now and I select last 90 mins from timeselect  dropdown for the dashboard it should show like below

The panel time range is : earliest_time= 11:30:00 AM to Latest_Time:13:00:00 .

 

I tried using            $field2.earliest$ To Latest_Time: $field2.latest$ but the output is showing as below

 Earliest_Time: -90m@m To Latest_Time: now

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-24-2022 11:40 PM

You could use addinfo to get the info_min_time (earliest) and info_max_time (latest) in your search and create tokens in a done handler from the result of the search.

0 Karma
Reply
Solved! Jump to solution

vrmandadi
Builder
‎05-25-2022 06:46 AM

How to pass the tokens in done handler...I am not sure how it can be done

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-25-2022 07:32 AM

As part of the search for the panel, add a done handler - note that the result field you want must be in the first row of the results - also note that if you use field names with a leading underscore, they won't show up in your table but should be available to the done handler

    </query>
    <done>
      <eval token="tokenname">$result._fieldname$</eval>
    </done>
  </search>

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...