Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

simple xml - setting global not form variables

mortenb123
Path Finder
‎03-09-2016 01:47 AM

Hi all

Found that Splunk do not let you schedule PDFs if you have forms on your dashboard. (even though it has default settings).

I then have to manually update the time interval for every search in the dashboard.
aka add the following to every search

    <earliest>-1d@d</earliest>
    <latest>@d</latest>

I like it to be a token aka $myearliest$, but how do I declare this, tried with set and eval, but they need some parent setting I was unable get to work.

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

chimell
Motivator
‎03-10-2016 12:33 AM

Hi
you can not use only $myearliest$ token just add ".earliest''

<input type="time" token="myearliest">
     <label></label>
     <default>
      <earliest>-1d@d</earliest>
     <latest>@d</latest>
     </default>
   </input>

   <search>
         <query>enter you search code here</query>
         <earliest>$myearliest.earliest$</earliest>
         <latest>$myearliest.latest$</latest>
    </search>

View solution in original post

Reply
Solved! Jump to solution

mortenb123
Path Finder
‎03-10-2016 12:48 AM

Hi gyslainlatsa

Thanks for your answer.

I tried adding the input settings to the top and into the row with the search itself.
but my dashboard only says "search is waiting for input"

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎03-10-2016 12:14 PM

if your dashboad displays "search is waiting for input", check if all the tokens have default values that were indicated in your xml code.

0 Karma
Reply
Solved! Jump to solution
Solution

chimell
Motivator
‎03-10-2016 12:33 AM

Hi
you can not use only $myearliest$ token just add ".earliest''

<input type="time" token="myearliest">
     <label></label>
     <default>
      <earliest>-1d@d</earliest>
     <latest>@d</latest>
     </default>
   </input>

   <search>
         <query>enter you search code here</query>
         <earliest>$myearliest.earliest$</earliest>
         <latest>$myearliest.latest$</latest>
    </search>
Reply
Solved! Jump to solution

mortenb123
Path Finder
‎03-10-2016 12:59 AM

Had to add to the first panel, and there is shows like a time form component, but it is obviously global so it works on all the other searches in the dashboard also. And I can schedule automatic PDF based on the delivery.
Thanks

0 Karma
Reply
Solved! Jump to solution

gyslainlatsa
Motivator
‎03-09-2016 07:32 AM

hi,

try like this:

<input type="time" token="field1">
    <label></label>
    <default>
      <earliest>0</earliest>
      <latest></latest>
    </default>
  </input>

  <search>
        <query>index=* OR index=_* |stats count by source</query>
        <earliest>$field1.earliest$</earliest>
        <latest>$field1.latest$</latest>
   </search>
Reply
Solved! Jump to solution

mortenb123
Path Finder
‎03-10-2016 01:13 AM

Thanks this is correct, turns out the PDF scheduler checks on

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...