Hi
I need help populating time range values like first week, second week, third week and fourth week in a dropdown box...
My requirement is to display the number of failed login attempts day-wise for the first week, second week, third week and fourth week, which can be selected from the dropdown box.
Query: sourcetype=WinEventLog:Security EventCode=4625 | timechart span=1d count
Snapshot given below
Splunk XML given below
But I'm not able to populate the values.
1st week should be from 1st to 7th day
2nd week from 8th to 14th day
3rd week 15th to 21st day
4th week 22nd to 29th
How can I populate the values in the dashboard? Is there any other way I can populate them? Any help?
Since these are custom time ranges that you define for a month, you can either create a custom dropdown (not the traditional time range picker) with those as static values OR use the 'Advanced' section in the traditional time range picker. In both cases these should be the earliest and latest (assuming you run it for the current month):
Week1 - Earliest: @mon, latest: @mon+7d
Week1 - Earliest: @mon+8d, latest: @mon+14d
Week1 - Earliest: @mon+15d, latest: @mon+21d
Week1 - Earliest: @mon+22d, latest: @mon+29d
You can also do something like this:
<input type="dropdown" token="simple">
  <label>Simple Time Picker</label>
  <choice value="last_24h">Last 24 Hours</choice>
  <choice value="last_7d">Last 7 days</choice>
  <choice value="last_30d">Last 30 days</choice>
  <default>last_24h</default>
  <change>
    <condition value="last_24h">
      <set token="simple.label">$label$</set>
      <set token="simple.earliest">-24h</set>
      <set token="simple.latest">now</set>
    </condition>
    <condition value="last_7d">
      <set token="simple.label">$label$</set>
      <set token="simple.earliest">-7d</set>
      <set token="simple.latest">now</set>
    </condition>
    <condition value="last_30d">
      <set token="simple.label">$label$</set>
      <set token="simple.earliest">-30d</set>
      <set token="simple.latest">now</set>
    </condition>
  </change>
</input>
Thanks @nfilippi for your query, and it's working fine.
Hi Somesoni 2: Thanks for the help
The XML looks like this, and this is working:
test windows 3
<panel>
  <input type="dropdown" token="earliest_tok">
    <label>field1</label>
    <choice value="@mon" latest="@mon+7d">Week 1</choice>
    <choice value="@mon+8d" latest="@mon+14d">Week2</choice>
    <prefix>earliest="</prefix>
    <suffix>"</suffix>
  </input>
  <chart>
    <search>
      <query>sourcetype=WinEventLog:Security $earliest_tok$ EventCode=4624 | timechart span=1d count</query>
      <earliest>0</earliest>
      <latest></latest>
    </search>
    <option name="charting.chart">column</option>
  </chart>
</panel>