Dashboards & Visualizations

Time range picker: latest time is always "now

goran_epl
Explorer

Ï have dashboard with time range picker. When I try to select Date Range or Data and Time Range, I cannot select the latest date. It is always "now".
How can I configure this?

0 Karma

goran_epl
Explorer

I don't think that the code is the problem. I don't have a field to select latest time! See screenshot of your code.

alt text

0 Karma

niketn
Legend

@goran_epl I have updated my answer. Your screenshot shows Date & Time Range option as Since. It should be Between as stated in my answer.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

niketn
Legend

[Updated Answers] Adding further details as Between should be selected instead of Since.

@goran_epl as stated in my answer before, in the Date & Time Range towards left there is an option to change between Between, Before and Since. In your case you have Since selected when actually it should be Between. Refer to documentation: https://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/Aboutthetimerangepicker#Specify_d...


@goran_epl if you have selected Date Time range appropriately it should work as expected i.e.
1) with between condition and
2) used $field.earliest$ and $field.latest$ in the <earliest> and <latest> attributes for <search>.

Please try the following run anywhere search which uses addinfo command to get the earliest and latest time selected for the search. (PS: Screenshot from Splunk 7.1.1)

alt text

Following is the Simple XML code for run anywhere dashboard:

<form>
  <label>Timerange picker Date Range and Date Time Range</label>
  <fieldset submitButton="false">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>| makeresults
| addinfo
| fieldformat info_min_time=strftime(info_min_time,"%Y-%m-%d %H:%M:%S")
| fieldformat info_max_time=strftime(info_max_time,"%Y-%m-%d %H:%M:%S")
| fieldformat info_search_time=strftime(info_search_time,"%Y-%m-%d %H:%M:%S")
| table info_sid _time info_search_time info_min_time info_max_time</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

DalJeanis
Legend

Please post the xml code for the time picker. Make sure to mark it as code, for instance with the '101 010' button, so that the interface doesn't treat it as HTML and delete it.

0 Karma

goran_epl
Explorer

This is the XML code:

<input type="time" token="field1" searchWhenChanged="true">
      <label></label>
      <default>
        <earliest>-7d@h</earliest>
      </default>
    </input>
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...