Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can we add more than one time field to the dataset or add more than one time filter to the pivot?

chinmayc469
Explorer
‎08-01-2018 04:15 AM

I have created a pivot report which by default has _time filter, but I want to apply a filter on my other date-time fields also.

I tried doing this, but it is taking my other date-time fields as strings and not as date.

I want to add more than one time filter to the pivot report and all time filters should have the capability to select range of values.

Thanks in advance.

0 Karma
Reply

DalJeanis
Legend
‎08-01-2018 09:02 AM

In your search, you need to create an epoch version of each time field you want to filter on. Assuming the time selector was called start_token and the field was StartTime, in a format like "2018-08-01 14:21:00", it might look like this in the search...

 | eval StartTimeEpoch=strptime(StartTime,"%Y-%m-%d %H:%M:%S")
 | where StartTimeEpoch>= $start_token.earliest$ AND StartTimeEpoch < $start_token.latest$
0 Karma
Reply

chinmayc469
Explorer
‎08-02-2018 02:12 AM

but how to do this in pivot report?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...