Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we add more than one time field to the dataset or add more than one time filter to the pivot?

chinmayc469
Explorer
‎08-01-2018 04:15 AM

I have created a pivot report which by default has _time filter, but I want to apply a filter on my other date-time fields also.

I tried doing this, but it is taking my other date-time fields as strings and not as date.

I want to add more than one time filter to the pivot report and all time filters should have the capability to select range of values.

Thanks in advance.

0 Karma
Reply

DalJeanis
Legend
‎08-01-2018 09:02 AM

In your search, you need to create an epoch version of each time field you want to filter on. Assuming the time selector was called start_token and the field was StartTime, in a format like "2018-08-01 14:21:00", it might look like this in the search...

 | eval StartTimeEpoch=strptime(StartTime,"%Y-%m-%d %H:%M:%S")
 | where StartTimeEpoch>= $start_token.earliest$ AND StartTimeEpoch < $start_token.latest$
0 Karma
Reply

chinmayc469
Explorer
‎08-02-2018 02:12 AM

but how to do this in pivot report?

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...