Monitoring Splunk

How to restrict time range picker to specific period for search?

kamlesh_vaghela
SplunkTrust

Hello Team,

Here, I want some way to restrict events from being searched over more than a specific period.
e.g. the user can only select a time range of 3 months, whether it is the last 3 months OR 1st Oct to 31 Dec OR any time range of 3 months or under.

If the time range is more than 3 months it should prompt a message and not allow any search to execute.

So please share any ideas and any hint to do that.

Thanks in advance.

1 Solution

kamlesh_vaghela
SplunkTrust

Hello All,

I've found a way to put validation on the time range picker. It is somewhat tricky, but it's working. I've executed a search for validating the time range. This search will return a flag and will help to set dummy tokens for executing a panel's search. I have designed a sample dashboard for the same.

<form>
  <label>Time Range Validation Example</label>
  <!-- Validation search: addinfo exposes the picked range as info_min_time / info_max_time.
       diff is the picked span in seconds, max is the allowed span (2 days here as a sample value;
       use 3*31*86400 or similar for a 3-month limit). Note that "<" must be written as &lt; in XML. -->
  <search>
    <query>| makeresults | addinfo | eval diff=info_max_time-info_min_time, max=(2*86400) | eval allowed=if(max-diff &lt; 0, 0, 1) | table allowed</query>
    <earliest>$timerange_tkn.earliest$</earliest>
    <latest>$timerange_tkn.latest$</latest>
    <!-- Allowed: set the (blank) token the panel search depends on and clear the error token.
         Not allowed: set the error token that reveals the alert row and clear the panel token,
         so the panel search cannot run. -->
    <done>
      <condition match="$result.allowed$ > 0">
        <set token="timerangetoken">  </set>
        <unset token="timerange_tknErr"></unset>
      </condition>
      <condition>
        <set token="timerange_tknErr">  </set>
        <unset token="timerangetoken"></unset>
      </condition>
    </done>
  </search>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="timerange_tkn" searchWhenChanged="true" id="timepicked_id">
      <label>Time Range</label>
      <default>
        <earliest>-1d@d</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <!-- Error row: only rendered while timerange_tknErr is set -->
  <row depends="$timerange_tknErr$">
    <panel>
      <html>
        <div id="timerange_tknErrMsg_id"/>
        <div class="alert alert-error">
          <i class="icon-alert"/>
          <span class="errorBackground"> Invalid time range.</span>
        </div>
      </html>
    </panel>
  </row>
  <!-- Data panel: the leading $timerangetoken$ keeps this search from running until validation passes -->
  <row>
    <panel>
      <title>Count by sourcetype</title>
      <table>
        <search>
          <query>$timerangetoken$ index=_internal | head 1000 | stats count by sourcetype</query>
          <earliest>$timerange_tkn.earliest$</earliest>
          <latest>$timerange_tkn.latest$</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

Happy Splunking

Kamlesh

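The dashboard above validates the picked range with a search: addinfo exposes the range as info_min_time and info_max_time, the eval computes the span and compares it to a limit, and the done handler sets either timerangetoken (panel runs) or timerange_tknErr (alert row shows). The Python below is an added illustration of that same check and token logic, not code from the post; it runs over constructed inputs in the form Splunk hands field values to eval, and it deliberately treats an open-ended range (addinfo reports "+Infinity" as the upper bound of an all-time search) as not allowed rather than leaving the comparison null. The three-month constant is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Union

# Limits in seconds, the unit the dashboard's eval works in.
TWO_DAYS = 2 * 86400            # the sample dashboard's max=(2*86400)
THREE_MONTHS = 3 * 31 * 86400   # assumption: "3 months" taken as 93 days


def _to_epoch(value: Union[str, float, int, None]) -> Optional[float]:
    """Parse an addinfo-style time bound.

    info_min_time / info_max_time arrive as epoch-second strings; for an
    unbounded (All time) search the upper bound is the string "+Infinity".
    Anything that is not a finite number is returned as None.
    """
    if value is None:
        return None
    try:
        f = float(value)
    except (TypeError, ValueError):
        return None
    if f != f or f in (float("inf"), float("-inf")):   # NaN or +/-Infinity
        return None
    return f


@dataclass(frozen=True)
class Verdict:
    allowed: int                       # 1 = within limit, 0 = too wide (eval allowed=...)
    span_seconds: Optional[float]      # diff=info_max_time-info_min_time, None if unbounded
    tokens: Dict[str, Optional[str]]   # what the <done> handler would set (value) / unset (None)


def validate_time_range(info_min_time, info_max_time,
                        max_span_seconds: int = TWO_DAYS) -> Verdict:
    """Replicate the validation search and its <done> handler.

    SPL:  eval diff=info_max_time-info_min_time, max=<limit>
          eval allowed=if(max-diff < 0, 0, 1)
    Then: allowed > 0 -> set timerangetoken, unset timerange_tknErr
          otherwise   -> set timerange_tknErr, unset timerangetoken

    An unbounded or inverted range is rejected explicitly here.
    """
    lo, hi = _to_epoch(info_min_time), _to_epoch(info_max_time)
    if lo is None or hi is None or hi < lo:
        span, allowed = None, 0
    else:
        span = hi - lo
        allowed = 0 if max_span_seconds - span < 0 else 1
    if allowed > 0:
        tokens = {"timerangetoken": " ", "timerange_tknErr": None}
    else:
        tokens = {"timerangetoken": None, "timerange_tknErr": " "}
    return Verdict(allowed, span, tokens)


def panel_query(verdict: Verdict,
                base: str = "index=_internal | head 1000 | stats count by sourcetype") -> Optional[str]:
    """The panel's query only materialises when $timerangetoken$ is set."""
    tok = verdict.tokens["timerangetoken"]
    return None if tok is None else f"{tok}{base}".strip()


# Constructed sample bounds (not real addinfo output), epoch seconds as strings.
SAMPLES = {
    "one_day":    ("1696118400.000", "1696204800.000"),   # 86400 s
    "three_days": ("1696118400.000", "1696377600.000"),   # 259200 s
    "all_time":   ("0.000", "+Infinity"),
}

if __name__ == "__main__":
    for name, (lo, hi) in SAMPLES.items():
        v = validate_time_range(lo, hi)
        print(f"{name:10s} allowed={v.allowed} span={v.span_seconds} query={panel_query(v)!r}")
```

Running it shows the one-day range passing, the three-day range failing against the 2-day sample limit (and passing against THREE_MONTHS), and the all-time range failing with no span computed, so the panel query never materialises for it.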


inventsekar
SplunkTrust

I think this can be done only through a dashboard:
https://answers.splunk.com/answers/222650/limit-choices-in-default-timepicker.html

also, check this:
https://simonduff.net/splunk_restrict_time_range_picker/
from the above link - The downsides are that this only works for custom dashboards and forms, and that these presets are just masked – a crafty user could disable this CSS and select these hidden items. However, Splunk provides sufficient restrictions as part of its RBAC model to limit users from doing long running or all time searches, if required.

You can grab an example app that demonstrates this configuration from https://github.com/sduff/restrict_timepicker.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

kamlesh_vaghela
SplunkTrust

@inventsekar

Thanks for the reply. Basically, I'm looking for something like validation. I have already restricted it using CSS, but I want to keep the time range open (from date/time - to date/time). So the period between the from and to date/time should not be more than 3 months. So is there any JS or something to implement it?
