Re: timestamp

ybvv9494 · ‎04-27-2021

i am preparing a Splunk dashboard .in my dashboard i fixed the timestamp at the starting of the dashboard and all the data will be displayed with that. now i need to fix another time chart separately only for one chart that represents incoming data of Previous data at this timestamp. How to fix this.

ITWhisperer · ‎04-27-2021

Is the panel a fixed time difference from the timepicker value? If so, evaluate an extra token (or two) in the timepicker based on the selected timeframe.

ybvv9494 · ‎04-27-2021

All the dashboard has a Primary timestamp and all the charts follow the same timestamp but in one chart we need the same timestamp data of yesterday.

for example: suppose we need to get data for last 4 hours(i.e 1 AM TO 5 AM) all the charts represent last four hours data but in one chart it should show last 4 hours timestamp(1 AM to 5 AM) of previous days.

ITWhisperer · ‎04-30-2021

Add this to your timepicker and use these tokens in the earliest and latest settings for the panel you want to be 1 day earlier

      <change>
        <eval token="earliestdaybefore">relative_time(relative_time(now(),$earliest$),"-1d")</eval>
        <eval token="latestdaybefore">relative_time(relative_time(now(),$latest$),"-1d")</eval>
      </change>

gcusello · ‎04-27-2021

Hi @ybvv9494,

you can put another Time Picker (eventually inside the panle) in your dashboard.

Only one attention: use a different name for the token.

Ciao.

Giuseppe

timestamp

monitoring console

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor