Re: Is there a function to turn a time range into ...

unitedmarsupial · ‎12-13-2019

I've created a dashboard with a shared "time-input" (named range) -- all of the panels refer to it:

      <earliest>$range.earliest$</earliest>
      <latest>$range.latest$</latest>

I'd like each panel's title to reflect the currently-picked range -- showing it in human-readable form like "Last 4 hours" or "Yesterday from 2am to 3am". Is this possible?

Update: Ok, I found I can add something like this to the titles:

... between $range.earliest$ and $range.latest$

and it will be translated to, for example between -7d@h and now. Maybe, there are better alternatives?..

vnravikumar · ‎12-13-2019

Hi

Check this

<input type="time" searchWhenChanged="true">
        <label>Enter the time range</label>
        <default>
          <earliest>-1d@d</earliest>
          <latest>@d</latest>
        </default>
        <change>
          <set token="displayTime">($label$)</set>
        </change>
      </input>

to4kawa · ‎12-13-2019

It is enough to use in the Last something.
If Today is specified, it is regrettable that it will be Custom time.

to4kawa · ‎12-13-2019

| makeresults 
| addinfo 
| eval _time=info_max_time 
| reltime 
| rename reltime as last_time 
| eval _time=info_min_time 
| reltime 
| rename reltime as first_time
| eval output_text="Search period: between ".first_time." to ".last_time

you can hide the panel and pass output_text in tokens.

richgalloway · ‎12-13-2019

Check out the reltime function.

---
If this reply helps you, Karma would be appreciated.

Is there a function to turn a time range into human-readable string?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes