Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I only getting results for the last selected values even though I've selected multiple date/times in my dashboard?

praja1983
New Member
‎04-19-2017 02:08 PM

I have the below search in one of my dashboards. I have a mutiselect field in my dashboard: one for picking the start date/time and another for end date/time. When i select multiple date/time, I'm getting only results for last selected values, it's not coming for multiple times selected.

sourcetype=smapi $earliest$ $latest$ assetGroup=pdc1c dimeName="KeyEvent" status="OK" actionName="searchlegal" | table actionName transId response _time
0 Karma
Reply

DalJeanis
Legend
‎04-19-2017 03:07 PM

The short answer is that earliest= can only accommodate one value, and so can latest=.

If you want to run multiple simultaneous searches for different time periods, then you are going to have to do a lot of custom code to make it happen (for example, setting up your searches using map or multisearch), not just straight-out-of-the-box multiselect for some time fields.

For example, see the final answer ( multisearch ) in this question

https://answers.splunk.com/answers/142472/how-to-run-different-timerange-in-subsearch-versus-outer-s...

0 Karma
Reply

praja1983
New Member
‎04-19-2017 06:16 PM

thank you @DalJeanis.... how can we be build the query dynamically...number of different time ranges will be different everytime.....sometimes we need to compare with 2 or more

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...