Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Return multiple values from dynamic Dropdown

Mandrecks
Loves-to-Learn
‎03-14-2024 03:32 AM

I am building a dashboard with the new dashboard builder and I have a dynmic dropdown which returns me these values:

timerange, rangeStart, rangeEnd, date

2024-03-07T09:10:23/2024-03-07T23:34:392024-03-07T09:10:232024-03-07T23:34:3907/03/24-07/03/24
2024-03-08T19:41:25/2024-03-08T23:28:542024-03-08T19:41:252024-03-08T23:28:5408/03/24-08/03/24
2024-03-11T19:36:52/2024-03-11T23:19:362024-03-11T19:36:522024-03-11T23:19:3611/03/24-11/03/24

 

These ranges can go over multiple days. I use the date column as my label in the dropdown which works fine. My problem now is that I want to use the rangeStart and rangeEnd as the earliest and latest times for my graphs.
My dropdown config looks like this:

{
    "options": {
        "items": ">frame(label, value, additional_value) | prepend(formattedStatics) | objects()",
        "token": "testrun",
        "selectFirstSearchResult": true
    },
    "title": "Testrun",
    "type": "input.dropdown",
    "dataSources": {
        "primary": "ds_w86GnMtx"
    },
    "context": {
        "formattedConfig": {
            "number": {
                "prefix": ""
            }
        },
        "formattedStatics": ">statics | formatByType(formattedConfig)",
        "statics": [],
        "label": ">primary | seriesByName(\"date\") | renameSeries(\"label\") | formatByType(formattedConfig)",
        "value": ">primary | seriesByName(\"rangeStart\") | renameSeries(\"value\") | formatByType(formattedConfig)",
        "additional_value": ">primary | seriesByName(\"rangeEnd\") | renameSeries(\"additional_value\") | formatByType(formattedConfig)"
    }
}
The token name for the dropdown is testrun 
 
My query config for the graph looks like this:
{
    "type": "ds.search",
    "options": {
        "query": "QUERY",
        "queryParameters": {
            "earliest": "$testrun$rangeStart$",
            "latest": "$testrun$rangeEnd$"
        },
        "enableSmartSources": true
    },
    "name": "cool graph"
}

It seems like the token $testrun$ itself returns the rangeStart, but these $testrun$rangeStart/rangeEnd$ don't work. Is it even possible to do something like that, that the dropdown returns multiple values?

If not is there a way to use the timerange from above and split it in the middle to get earliest and latest?
"earliest": "$testrun.timerange.split(\"/\")[0].strptime('%Y-%m-%dT%H:%M:%S')$",
"latest": "$testrun.timerange.split(\"/\")[1].strptime('%Y-%m-%dT%H:%M:%S')$"
I tried also this in different ways which I also couldn't get to work. The error I am getting is always "invalid earliest_time".
Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-14-2024 04:03 AM

Have you considered using Classic / SimpleXML dashboard as you can probably achieve this with SimpleXML?

0 Karma
Reply

Mandrecks
Loves-to-Learn
‎03-14-2024 04:53 AM

Yes I thought about using the old dashboard builder as an alternative, but I wanted to see if it would be possible to use the new one.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...