Dashboards & Visualizations

Override setting in simple xml? (ver 5)

yuwtennis
Communicator

Hi!

When you set the time ticker with "<input type = time xxxx" in dashboard
and also set the time modifier in "<searchTemplate" for each panel,
is it correct to understand the setting in each panel overrides the setting in the fieldset?

process=" " Yesterday
Syslog event count per processname sourcetype=syslog earliest=@y $process$ | stats count by process
Syslog event list sourcetype=syslog earliest=@y $process$

I did a test and seems that each setting in the panel is prioritized within splunk.

Thanks,
Yu

Tags (2)
0 Karma

appleman
Contributor

Yes, I think it basically the time range which is set on search directly takes precedence in version 5.
However, if you set the time earlier than the one on the search, it doesn't follow the time range which is set in the search.
Here is my result.
Search: earliest=-7d@d latest=@d index=A sourcetype=B | timechart count by type

  1. timerange picker: All time -> takes time from search string = -7d
  2. timerange picker: Last 7days -> same result
  3. timerange picker: Last 24hous -> timerange was last 7days but it broke into every 30mins span on each day, and I got the following message, "Search generated too much data for the current display configuration, results have been truncated."
  4. timerange picker: Last 4hours -> same timerange but span changed to every 5mins.
  5. timerange picker: Last 60minutes -> same timerange but span changed to every minute.

I hope it helps you a bit.

0 Karma

yuwtennis
Communicator

Hello appleman.

Thanks for taking your time. I appreciate your time.

My plan is to specify "All time" in search and
specify flexible time from the time ticker.

Goal is to fetch all the event from index for specific sub search.

I will take a look as well.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...