Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to implement time picker for dashboard ?

realajay89
Explorer
‎09-29-2014 05:07 AM

i want to know how splunk indexes for implementing in TimePicker in dashboard
this is my scenario .
My source data is in the form of csv. which i upload to splunk manually monthly once .
the data has no date or timestamp in it .
for example the columns names in csv is like this .

Page name , response time , total hits.
the source data name is for example " BTM_responsetime_July.csv
for the nxt month i upload another csv manually ( BTM_responsetime_August.csv)
i have wrote some search queries which gives statics of total hits and response time on dashboard .
i have implemented a Timepicker . which has option to choose date ranges ..
in search query . i have used wild card for source like " BTM_responsetime_*.csv .
so wen i choose date ranges in timepicker . the dashboard gives the statics between those specific date ranges.

Problem : i am not sure how the splunk is indexing .. As my data doesnt have any timestamps and dates and i am uploading data manually once every month .. i think splunk is taking date of upload as the only timestamp . based on which its giving result on dashboard. is it so ?? i want to know how indexing works in my case ??
Is there a way where we can tell splunk to take Timestamp from some lookup table .??

can anyone help me ?

0 Karma
Reply

linu1988
Champion
‎09-29-2014 05:34 AM

Hello Ajay,
That is not actually a problem from splunk end. You don't have enough data to tell splunk which date to take so automatically it takes the current system date from where you do the data upload. in your case timerange picker also should work fine if you can show it on a monthly basis. The query has to be formed likewise.

Regarding the lookup what exactly would you match up? If you do the lookup on the splunk query timerange picker will not have any effect as it looks for the splunk events rather than the non-existing data which is formed after the query is triggered. To have a the trend it will be better if you can have the same included in your csv file rather than going for lookup implementation which is quite expensive on maintenance and configuration.

Thanks,
L

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...