Re: Running Different Searches as per TIme Picker

sdhawanx · ‎01-29-2021

Hi All,

I have 2 different searches for a dashboard.

i want to run one search when the time range is Last seven days and the 2nd search when the time is any other value.

Any leads would be appreciated.

thanks in advance.

ITWhisperer · ‎01-29-2021

Set up one search with earliest -7d and latest now, and the other search to use a timepicker to provide a token with earliest and latest.

sdhawanx · ‎01-29-2021

I already have 2 searches, but only one time picker dropdown panel. I want to trigger search 1 when the time range is selected as Last 7 Days, and search 2 when other time range is selected. I am new to Splunk so i am having difficulty understanding how should I proceed. Should I trigger the searches using tokens or something like that ?

ITWhisperer · ‎01-29-2021

How different are your two searches from each other?

sdhawanx · ‎01-29-2021

1st search is a saved search and the 2nd one is normal search.

ITWhisperer · ‎01-29-2021

You could have two panels and use the depends attribute to hide/show each panel depending on the presence of a couple of tokens. You would set and unset these tokens in the timepicker depending on whether last 7 days is chosen or not.

sdhawanx · ‎02-02-2021

Yes I understand this, I am new to Splunk so can you help me with how to set these tokens

Running Different Searches as per TIme Picker

other

simple XML

token

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?