Re: Create 2 drop down based on start_date and end...

Neel88 · ‎02-02-2023

Hi,

I need to create the 2 drop down for date where user can manually select start_date and end_date. And based on that data will be filter and show data between two dates.

Please help

yeahnah · ‎02-02-2023

Hi @Neel88

The simpliest, and therefore best, way is to use the in built time input in your form. Documented here

https://docs.splunk.com/Documentation/Splunk/8.2.7/Viz/FormEditor#Add_a_time_input_to_a_form

Here is a run anywhere example...

<form>
  <label>TEST- Multi Select with distinct value and time picker</label>
  <fieldset submitButton="false">
    <input type="time" token="myTime" searchWhenChanged="true">
      <label>Time Picker</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="multiselect" token="flow">
      <label>Select Flow</label>
      <choice value="*">All</choice>
      <default>*</default>
      <delimiter>,</delimiter>
      <fieldForLabel>FLOW</fieldForLabel>
      <fieldForValue>FLOW</fieldForValue>
      <search>
        <query>| makeresults | eval adt="foo" | search adt="$adt$"</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <prefix>IN(</prefix>
      <suffix>)</suffix>
      <valuePrefix>"</valuePrefix>
      <valueSuffix>"</valueSuffix>
    </input>
    <input type="multiselect" token="adt">
      <label>Select ADT</label>
      <choice value="*">All</choice>
      <default>*</default>
      <delimiter>,</delimiter>
      <fieldForLabel>adt</fieldForLabel>
      <fieldForValue>adt</fieldForValue>
      <search>
        <query>| makeresults |eval flow="bar"  | search flow="$flow$"</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <prefix>IN(</prefix>
      <suffix>)</suffix>
      <valuePrefix>"</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>| makeresults | eval FLOW="foo", adt="bar"
| search FLOW $flow$ AND adt $adt$
| table _time adt, FLOW, Date, NbRecordsOKFCR, CMTotal, NbRecordsOKCM, NBIntFile, NB1, NB2, NB3, NbErrorsCM, Alert
| fields _time Date, adt, FLOW, CMTotal</query>
          <earliest>$myTime.earliest$</earliest>
          <latest>$myTime.latest$</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

The time picker has lots of options to pick time ranges, including start and end dates

Hope this helps

Neel88 · ‎02-03-2023

Firstly, Thank you so much for your help.

My saved search having the dates in the format - 'yyyy/mm/dd' and its not picking by the date selection.

Kindly suggest.

Create 2 drop down based on start_date and end_date

chart

eval

regex

rex

search job inspector

stats

subsearch

table

timechart

transaction

tstats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation

Create 2 drop down based on start_date and end_date

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.