
Need help in populating the time ranges in dropdown box

Path Finder

Hi

I need help populating time range values like first week, 2 week, 3 week and 4 week in a dropdown box...

My requirement is to display the number of failed login attempts day-wise for the first week, second week, third week and fourth week, which can be selected from the dropdown box.

Query: sourcetype=WinEventLog:Security EventCode=4625 | timechart span=1d count

Snapshot given below

Splunk XML given below

But I'm not able to populate the values.
1st week should be from the 1st to the 7th day
2nd week from the 8th to the 14th day
3rd week from the 15th to the 21st day
4th week from 22 to 29

How can I populate the values in the dashboard? Is there any other way I can populate them? Any help?


SplunkTrust

Since these are custom time ranges that you define for a month, you can either create a custom dropdown (not the traditional time range picker) with those as static values OR use the 'Advanced' section in the traditional time range picker. In both cases these should be the earliest and latest (assuming you run for the current month):

Week1 -  Earliest: @mon , latest: @mon+7d
Week1 -  Earliest: @mon+8d, latest: @mon+14d
Week1 -  Earliest: @mon+15d, latest: @mon+21d
Week1 -  Earliest: @mon+22d, latest: @mon+29d


Splunk Employee

You can also do something like this:

  <input type="dropdown" token="simple">
    <label>Simple Time Picker</label>
    <choice value="last_24h">Last 24 Hours</choice>
    <choice value="last_7d">Last 7 days</choice>
    <choice value="last_30d">Last 30 days</choice>
    <default>last_24h</default>
    <change>
      <condition value="last_24h">
        <set token="simple.label">$label$</set>
        <set token="simple.earliest">-24h</set>
        <set token="simple.latest">now</set>
      </condition>
      <condition value="last_7d">
        <set token="simple.label">$label$</set>
        <set token="simple.earliest">-7d</set>
        <set token="simple.latest">now</set>
      </condition>
      <condition value="last_30d">
        <set token="simple.label">$label$</set>
        <set token="simple.earliest">-30d</set>
        <set token="simple.latest">now</set>
      </condition>
    </change>
  </input>

Path Finder

Thanks @nfilippi for your query, and it's working fine.


Path Finder

Hi Somesoni 2: Thanks for the help.

The XML looks like this, and this is working:

test windows 3

<panel>
  <input type="dropdown" token="earliest_tok">
    <label>field1</label>
    <choice value="@mon&quot;  latest=&quot;@mon+7d">Week 1</choice>
    <choice value="@mon+8d&quot; latest=&quot;@mon+14d">Week2</choice>
    <prefix>earliest="</prefix>
    <suffix>"</suffix>
  </input>
  <chart>
    <search>
      <query>sourcetype=WinEventLog:Security  $earliest_tok$ EventCode=4624| timechart span=1d count</query>
      <earliest>0</earliest>
      <latest></latest>
    </search>
    <option name="charting.chart">column</option>
  </chart>
</panel>