How to add date range to dashboard panel title so...

Renunaren · ‎04-01-2023

Hi Team,

We have a splunk dashboard panel which has a requirement that is.

The dashboard panel has a title which needs a time range and that time range should be same as the time range which is used for the search time in the panel. Below are the snippets which can give an idea about the requirement.

The date range which has highlighted should be same as the below search time which has been used in the same panel.

Need help on the above requirement.

yuanliu · ‎04-01-2023

Your best bet is to use an explicit time picker in the dashboard, like this:

<form version="1.1">
  <label>Show time picker</label>
  <init>
    <input type="time" token="time_tok">
      <label>Pick a time range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Search from &lt;$time_tok.earliest$&gt; to &lt;$time_tok.latest$&gt;</title>
      <table>
        <search>
          <query>index=_internal
| addinfo
| stats count by info_min_time info_max_time
| fieldformat info_min_time = strftime(info_min_time, "%F %H:%M:%S")
| fieldformat info_max_time = strftime(info_max_time, "%F %H:%M:%S")</query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

You'll notice that it works best when the user selects from presets. Otherwise the title will show epoc seconds of user's selection. It is possible to convert general time range into human-friendly form using a "hidden" token calculation on the dashboard. Bottom line is: There is no way to make title to show information that is pre-selected inside the panel.

Renunaren · ‎04-02-2023

Hi User,

I have tried to use the above it is showing error like below while editing.

yuanliu · ‎04-03-2023

My mistake. (I was editing from a dashboard that had other inputs unrelated to this problem, then deleted some tags.)

<form version="1.1">
  <label>Show time picker</label>
  <fieldset>
    <input type="time" token="time_tok">
      <label>Pick a time range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Search from &lt;$time_tok.earliest$&gt; to &lt;$time_tok.latest$&gt;</title>
      <table>
        <search>
          <query>index=_internal
| addinfo
| stats count by info_min_time info_max_time
| fieldformat info_min_time = strftime(info_min_time, "%F %H:%M:%S")
| fieldformat info_max_time = strftime(info_max_time, "%F %H:%M:%S")</query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

How to add date range to dashboard panel title so that the date range in the title and search time both are same?

stats

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?