Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Create 2 drop down based on start_date and end_date

Neel88
Explorer
‎02-02-2023 07:17 PM

Hi,

I need to create the 2 drop down for date where user can manually select start_date and end_date. And based on that data will be filter and show data between two dates.

Please help

0 Karma
Reply

yeahnah
Motivator
‎02-02-2023 08:31 PM

Hi @Neel88 

The simpliest, and therefore best, way is to use the in built time input in your form.  Documented here

https://docs.splunk.com/Documentation/Splunk/8.2.7/Viz/FormEditor#Add_a_time_input_to_a_form

Here is a run anywhere example...

 

 

<form>
  <label>TEST- Multi Select with distinct value and time picker</label>
  <fieldset submitButton="false">
    <input type="time" token="myTime" searchWhenChanged="true">
      <label>Time Picker</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="multiselect" token="flow">
      <label>Select Flow</label>
      <choice value="*">All</choice>
      <default>*</default>
      <delimiter>,</delimiter>
      <fieldForLabel>FLOW</fieldForLabel>
      <fieldForValue>FLOW</fieldForValue>
      <search>
        <query>| makeresults | eval adt="foo" | search adt="$adt$"</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <prefix>IN(</prefix>
      <suffix>)</suffix>
      <valuePrefix>"</valuePrefix>
      <valueSuffix>"</valueSuffix>
    </input>
    <input type="multiselect" token="adt">
      <label>Select ADT</label>
      <choice value="*">All</choice>
      <default>*</default>
      <delimiter>,</delimiter>
      <fieldForLabel>adt</fieldForLabel>
      <fieldForValue>adt</fieldForValue>
      <search>
        <query>| makeresults |eval flow="bar"  | search flow="$flow$"</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <prefix>IN(</prefix>
      <suffix>)</suffix>
      <valuePrefix>"</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>| makeresults | eval FLOW="foo", adt="bar"
| search FLOW $flow$ AND adt $adt$
| table _time adt, FLOW, Date, NbRecordsOKFCR, CMTotal, NbRecordsOKCM, NBIntFile, NB1, NB2, NB3, NbErrorsCM, Alert
| fields _time Date, adt, FLOW, CMTotal</query>
          <earliest>$myTime.earliest$</earliest>
          <latest>$myTime.latest$</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

 

 

 The time picker has lots of options to pick time ranges, including start and end dates

yeahnah_0-1675398678806.png

Hope this helps

0 Karma
Reply

Neel88
Explorer
‎02-03-2023 12:57 AM

Firstly, Thank you so much for your help.

My saved search having the dates in the format - 'yyyy/mm/dd' and its not picking by the date selection.

Neel88_0-1675414605182.png

Kindly suggest.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...