Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Help with Dashboard with time span for with tstats

deodeshm
Explorer
‎08-25-2022 12:27 AM

I am trying to build a dashboard with time input, how can I use the time selected to pass to below query?

 

| tstats `summariesonly` earliest(_time) as _time from datamodel=Incident_Management.Notable_Events_Meta by source,Notable_Events_Meta.rule_id | `drop_dm_object_name("Notable_Events_Meta")` | `get_correlations` | stats count by rule_name

 

e.g. if I select 7 days, it should show data for 7 days only.

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-25-2022 12:51 AM

Hi @deodeshm,

what's your problem?

changing the value in the Time Picker also the time period in the tstats command changes.

obviously, remember to correlate the time of the panel to the Time Picker.

Ciao.

Giuseppe

Reply

deodeshm
Explorer
‎08-25-2022 01:30 AM

Sorry, found the solution, I selected events as a panel so wasn't able to see any results.

 

Thanks for the response.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-25-2022 01:46 AM

hi @deodeshm,

good for you, see next time!

Please accept one answer for the other people of Community

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...