Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do I preset two separte time span as form inpu...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
BinnyK
Explorer
05-02-2017
04:42 AM
I have some research data on a dashabord. The data I want to highlight is in two separate time spans Jan 1 - Jan 30 and Mar 20 - Apr 21. I want to have two radio buttons which presets these two ranges as (span 1 and span 2) rather than asking the visitors to change to these exact dates to view these results.
How can I do this?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
05-02-2017
05:25 AM
Hi BinnyK,
here is a sample code with 2 inputs, 1 for amount of events and other with radio for the span
used the earliest and latest as values to the token
more on time modifiers, here: https://docs.splunk.com/Documentation/Splunk/6.5.3/SearchReference/SearchTimeModifiers
<form>
<label>Header</label>
<fieldset submitButton="false">
<input type="text" token="field2" searchWhenChanged="true">
<label>Enter Count of Events</label>
</input>
<input type="radio" token="SPAN" searchWhenChanged="true">
<label>Span</label>
<choice value="earliest=@y latest=@y+30d">span1</choice>
<choice value="earliest="03/20/2017:00:00:00" latest="04/21/2017:00:00:00"">span2</choice>
</input>
</fieldset>
<row>
<panel>
<title>Head $field2$ Events by Sourcetype</title>
<chart>
<search>
<query>$SPAN$ index = _internal | head $field2$ | stats count by sourcetype</query>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
</row>
</form>
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adonio
Ultra Champion
05-02-2017
05:25 AM
Hi BinnyK,
here is a sample code with 2 inputs, 1 for amount of events and other with radio for the span
used the earliest and latest as values to the token
more on time modifiers, here: https://docs.splunk.com/Documentation/Splunk/6.5.3/SearchReference/SearchTimeModifiers
<form>
<label>Header</label>
<fieldset submitButton="false">
<input type="text" token="field2" searchWhenChanged="true">
<label>Enter Count of Events</label>
</input>
<input type="radio" token="SPAN" searchWhenChanged="true">
<label>Span</label>
<choice value="earliest=@y latest=@y+30d">span1</choice>
<choice value="earliest="03/20/2017:00:00:00" latest="04/21/2017:00:00:00"">span2</choice>
</input>
</fieldset>
<row>
<panel>
<title>Head $field2$ Events by Sourcetype</title>
<chart>
<search>
<query>$SPAN$ index = _internal | head $field2$ | stats count by sourcetype</query>
<sampleRatio>1</sampleRatio>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.scale">linear</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">pie</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">none</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">right</option>
</chart>
</panel>
</row>
</form>
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
BinnyK
Explorer
05-02-2017
05:43 AM
Thanks @adonio.
That was exactly what i was looking for. That helped a lot.
Get Updates on the Splunk Community!
Observe and Secure All Apps with Splunk
Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...
Splunk Decoded: Business Transactions vs Business IQ
It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...
Fastest way to demo Observability
I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...
