Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Set latest time to clicked event time and earliest is relative to that time

lisheridan
Explorer
‎12-18-2011 05:48 PM

I have a SimpleResultsTable configured for drilldown which dispatches several child searches that display some charts. I want the child searches to set the latest time as the event time for what was clicked and I want the earliest time to be 1 day before that event time.

For example, if you click on an event that occurred at 11/5/2011 12:30:00 I want the child searches to show events from 11/4/2011 12:30:00 to 11/5/2011 12:30:00.

Is it possible to do this with earliest and latest and intentions?

0 Karma
Reply

lisheridan
Explorer
‎12-18-2011 07:01 PM

I think it is something like the following:

starttime=relative_time($time$, "-1d@s") endtime=$time$

... if $time$ is passed by row drilldown and can be picked up by ConvertToIntention.

I haven't been able to get variations of this to work yet though.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...