Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use time token in dbxquery?

Julia1231
Communicator
‎09-15-2022 12:51 AM

Hi everyone,

I am doing a dashboard in which I'm getting date from Postgresql using dbxquery.

Currently I'm filtering date range by putting it in WHERE of SQL query inside the dbxquery.

However I want to let users choose date range by themselve, for example by creating 2 input boxes in the dashboard and let them enter the time start and end that they want, the data then will be updated corresponding. 

The datetime format that I'm getting from postgresql is yyyy-mm-dd HH:MM:SS

I created an input with a token, but I don't know how to use that token inside my query.

How can I do it please? Or if you have any suggestion for this case, feel free to tell me.

 

Thanks,

Julia

Labels (3)
Tags (1)
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-15-2022 01:00 AM

To get the correctly formatted date into a token that you can use in you SQL you need to add the following global search to your dashboard

<search>
  <query>
| makeresults
| addinfo
| eval StartDate = strftime(info_min_time, "%F %T")
| eval EndDate = strftime(info_max_time, "%F %T")
  </query>
  <earliest>$time_picker.earliest$</earliest>
  <latest>$time_picker.latest$</latest>
  <done>
    <set token="start">$result.StartDate$</set>
    <set token="end">$result.EndDate$</set>
  </done>
</search>

Then in your SQL you can use the tokens $start$ and $end$ to denote the start/end time for the SQL search.

Note that the above assumes you name the time picker token as "time_picker"

 

0 Karma
Reply

Julia1231
Communicator
‎09-15-2022 01:10 AM

Hi @bowesmana ,

I'm using dbxquery, something like this: | dbxquery connection="database" query="SELECT created_date, machine_id
FROM table"

when I use |makeresults inside the query, Splunk tells that 

Error in 'dbxquery' command: This command must be the first command of a search.

or

Error in 'makeresults' command: This command must be the first command of a search.

What can I do?

Tags (1)
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-15-2022 01:22 AM

The search fragment is a separate search inside your dashboard - put it after the <form> element.

However, you format your SQL query to use start and end dates, just use $start$ and $end$ to represent the start and end dates in your dbxquery, e.g.

| dbxquery connection="database" query="SELECT created_date, machine_id..

WHERE created_date>$start$ AND created_date<$end$

 NB: I don't know the SQL syntax, so you will have to manage that.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...