Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to use time range from time picker in dashboard search?

tromero3
Path Finder
‎04-23-2020 10:53 AM

I just added a time picker to one of my dashboards. One of the panels in this dashboard is showing "new" vulnerabilities, which is looking at any vulnerability where the "first_found" field is within a certain time range.

Previously, I just wanted to see anything first_found within the last 30 days so I used the below query. But now that I've added a time picker, I'm trying to find out how I can use the range selected in the time picker in my search?

So my search would be looking at anything first_found between dates selected in my time picker.

Any help would be much appreciated, thank you!

| eval n=relative_time(now(),"-30d@d") | eval n=strftime(n,"%Y-%m-%dT%H:%M:%S.%QZ") | search first_found < n |

So to clarify, I need to use the time picker token in my search string, so that I am seeing events where the "first_found" field (which is a date) is within the date range specified by the time picker.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎04-23-2020 11:49 AM

Edit the dashboard and click the magnifying glass icon to edit the search for the panel. Select "Shared Time Picker" from the Time Range dropdown. Save the changes.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

tromero3
Path Finder
‎04-23-2020 11:54 AM

It's already using the shared time picker but now I need to edit the search string so that it is using the range selected by the time picker for the first_found field in the events.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...