Solved: Dynamic time creation based on time picker

ethanhunt · ‎09-20-2023

Hi,

I have a dashboard that shows service tickets count based on different parameters.

Now I need to show a trend for current year and previous year for the duration selected by the user in the time picker.

For example, if the user selects time from Jan 1, 2023 to Apr 1, 2023 in the time picker , then I need to form a query to select the same duration of previous year( Jan 1, 2022 to Apr 1, 2022) and show the trend .

How to create the previous year duration based on the duration selected in the time picker. Please advise.

bowesmana · ‎09-20-2023

The linked article by @dmacintosh_splu shows you how to create the relative comparable time for the same period in the previous year using a dummy search. To make the 1 year calculation, I would do

  <search>
    <query>
| makeresults
| addinfo
| eval prev_year_earliest=relative(info_min_time, "-1y")
| eval prev_year_latest=relative(info_max_time, "-1y")
| fields prev_*
    </query>
    <done>
      <set token="prev_year_earliest">$result.prev_year_earliest$</eval>
      <set token="prev_year_latest">$result.prev_year_latest$</eval>
    </done>
  </search>

what is that you can't do specifically? Do you want a single panel to show both years on a timechart - when you say trend, do you mean a straight line indicating direction or comparative data points for the previous year?

If you want a single panel showing both years, then you still need the above search and your main search to populate the data will be something like this to include both token sets and then timewrap to wrap previous year to current year

search (earliest=$time.earliest$ latest=$time.latest$) OR 
       (earliest=$prev_year_earliest$ latest=$prev_year_latest$)
...
| timechart ...
| timewrap 1y

View solution in original post

dmacintosh_splu · ‎09-20-2023

This Answer may be what you need.
https://community.splunk.com/t5/Dashboards-Visualizations/Panel-not-updating-when-changing-the-time-...

ethanhunt · ‎09-20-2023

Thanks @dmacintosh_splu for the response, but i doesn't really help me. When i select the duration in the time picker, say from Jan 1, 2023 to May 1, 2023 , then my dashboard will have to use the trend for the number of tickets in first panel and the trend for the number of the tickets in the second panel for the same duration for previous year (Jan 1, 2022 to May 1, 2022).

I am not sure how to frame the search query for extracting the tickets trend for previous year.

bowesmana · ‎09-20-2023

The linked article by @dmacintosh_splu shows you how to create the relative comparable time for the same period in the previous year using a dummy search. To make the 1 year calculation, I would do

  <search>
    <query>
| makeresults
| addinfo
| eval prev_year_earliest=relative(info_min_time, "-1y")
| eval prev_year_latest=relative(info_max_time, "-1y")
| fields prev_*
    </query>
    <done>
      <set token="prev_year_earliest">$result.prev_year_earliest$</eval>
      <set token="prev_year_latest">$result.prev_year_latest$</eval>
    </done>
  </search>

what is that you can't do specifically? Do you want a single panel to show both years on a timechart - when you say trend, do you mean a straight line indicating direction or comparative data points for the previous year?

If you want a single panel showing both years, then you still need the above search and your main search to populate the data will be something like this to include both token sets and then timewrap to wrap previous year to current year

search (earliest=$time.earliest$ latest=$time.latest$) OR 
       (earliest=$prev_year_earliest$ latest=$prev_year_latest$)
...
| timechart ...
| timewrap 1y

ethanhunt · ‎09-25-2023

Thanks @bowesmana for the solution, it worked like a charm !!!!

Dynamic time creation based on time picker

timechart

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!