How to disable options greater than 7 days in the timepicker input on a particular dashboard

New Member

Hi.

I have an interactive dashboard with a lot of data. It has multiple panels with performance data for a large number of hosts. I have been able to get it to run by a combination of things:
- the individual panels select exceptions
- the users can select Top 10, Top 20, Top 50 hosts
- they can select a range of up to 7 days

Anything more than 7 days will return truncated data errors. Is there a way to disable all other timeframe options from the timepicker selection choices?

I'd really appreciate any insights you might have.

Thanks.
Barbara

0 Karma

Re: How to disable options greater than 7 days in the timepicker input on a particular dashboard

Super Champion

The user can always run searches with earliest=-xx, so he/she can override it if need be, if they have a search option.

That said,

See the solutions in the post below to customize the time range picker
https://answers.splunk.com/answers/222650/limit-choices-in-default-timepicker.html

0 Karma

Re: How to disable options greater than 7 days in the timepicker input on a particular dashboard

SplunkTrust

Hi @bbknowles,

Totally possible, you can do this by removing the entries you don't need from the times.conf config file, but this removes the options for all users: https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/Timesconf

If you want to apply this to a fixed dashboard, you can either use some JS magic as in the following link https://answers.splunk.com/answers/222650/limit-choices-in-default-timepicker.html or go for the easy way and just create your own drop down including only the time options you require (this is easier to manage and maintain).

PS: If you want to ensure that your users don't tweak the searches and get more than 7 days, make sure you use their role configuration to limit the time. This can be done using the srchTimeWin = <number> setting in:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/authorizeconf

Cheers,
David

0 Karma

Re: How to disable options greater than 7 days in the timepicker input on a particular dashboard

New Member

So I forgot to mention that I don't have access to the config file or the file structure. Our Splunk Admin team is very strict.

And I only need to control the timeframe for this specific dashboard because there is too much data. I don't want to restrict the timeframes for all dashboards.

If I have to, I will create a custom time input, but I was hoping to simply disable the larger timeframes in the existing input.

0 Karma

Re: How to disable options greater than 7 days in the timepicker input on a particular dashboard

Esteemed Legend

The easiest thing to do is to create your own very limited timepicker selector that has the few options that you allow like this:

label="Today", value="earliest=@d latest=now"
label="From yesterday", value="earliest=-1d@d latest=now"
label="From 2 days ago", value="earliest=-2d@d latest=now"
label="From 3 days ago", value="earliest=-3d@d latest=now"
label="From 4 days ago", value="earliest=-4d@d latest=now"
label="From 5 days ago", value="earliest=-5d@d latest=now"
label="From 6 days ago", value="earliest=-6d@d latest=now"
label="From 7 days ago", value="earliest=-7d@d latest=now"

Then use Your SPL here $earlylate_token$ ... as your search string

0 Karma
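
The custom dropdown suggested in the last answer, written out as a Simple XML form. This is an added example, not code posted in the thread; the dashboard label, index, sourcetype and field names are placeholders. As noted earlier in the thread, the dropdown only limits what the picker offers; the role-level srchTimeWin setting is what actually bounds the search window.

```xml
<form>
  <!-- Placeholder label; use the real dashboard title -->
  <label>Host performance (7 day maximum)</label>
  <fieldset submitButton="false">
    <!-- Replaces the stock time input: only the ranges listed here can be picked -->
    <input type="dropdown" token="earlylate_token" searchWhenChanged="true">
      <label>Time range</label>
      <choice value="earliest=@d latest=now">Today</choice>
      <choice value="earliest=-1d@d latest=now">From yesterday</choice>
      <choice value="earliest=-2d@d latest=now">From 2 days ago</choice>
      <choice value="earliest=-3d@d latest=now">From 3 days ago</choice>
      <choice value="earliest=-4d@d latest=now">From 4 days ago</choice>
      <choice value="earliest=-5d@d latest=now">From 5 days ago</choice>
      <choice value="earliest=-6d@d latest=now">From 6 days ago</choice>
      <choice value="earliest=-7d@d latest=now">From 7 days ago</choice>
      <!-- Start on the cheapest range so the first load stays small -->
      <default>earliest=@d latest=now</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <!-- Placeholder index, sourcetype and field names.
               The token expands to inline earliest=/latest= modifiers, so it
               must sit in the base search, before the first pipe. -->
          <query>index=your_index sourcetype=your_sourcetype $earlylate_token$
            | timechart avg(cpu_pct) by host</query>
        </search>
      </chart>
    </panel>
  </row>
</form>
```

A user who can open the panel's search in the Search app can still edit earliest= by hand, which is why the role setting mentioned above is the control to rely on for a hard limit.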