Reporting

Passing parameters to savedsearches.conf

gpanicker
Explorer

I have a dashboard set up which captures the error logs happened in the last 2 hours. I need to modify it to include a pulldown for the time .. like instead of last 2 hours, the user should be able to select in the last 4 hrs, 8 hrs etc.. The search is defined in savedsearches.conf. And I am looking for a way to pass in the selected time parameter to the saved search. Please

Tags (1)
0 Karma
1 Solution

MarioM
Motivator

You need the TimeRangePicker TimeRangePicker module in your Advanced XML:

<module name="TimeRangePicker">
   <param name="searchWhenChanged">True</param>
   <param name="selected">All time</param>
   <module name="SubmitButton">
     <param name="updatePermalink">True</param>
     <param name="allowSoftSubmit">True</param>
   </module>
</module>

And you can create custom time ranges with a times.conf in your apps.

View solution in original post

0 Karma

MarioM
Motivator

You need the TimeRangePicker TimeRangePicker module in your Advanced XML:

<module name="TimeRangePicker">
   <param name="searchWhenChanged">True</param>
   <param name="selected">All time</param>
   <module name="SubmitButton">
     <param name="updatePermalink">True</param>
     <param name="allowSoftSubmit">True</param>
   </module>
</module>

And you can create custom time ranges with a times.conf in your apps.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...