Solved: How to get earliest time and latest time token in ...

mishaaaaaaaaaa · ‎02-26-2019

Hi splunk comuniti!

I have a job in splunk. In "Edit Search" i have two fields - Earliest time and Latest time. How can i get tokens of this fields to use them in search query?

lakshman239 · ‎02-27-2019

Pls try $time_token.earliest$ and $time_token.latest$ where time_token is the name of your token

View solution in original post

lakshman239 · ‎02-27-2019

Pls try $time_token.earliest$ and $time_token.latest$ where time_token is the name of your token

mishaaaaaaaaaa · ‎02-27-2019

@lakshman239 but i don't know the name of time_token in job
I create a scheduled job and in "Edit search" tab i have two text input which is Earliest time and Latest time, and i don't know their tokens

mishaaaaaaaaaa · ‎02-27-2019

@lakshman239 i found how to do this, the tokens name are dispatch.latest_time and dispatch.earliest_time

lakshman239 · ‎02-28-2019

Glad it worked. Pls download the Splunk dashboard example app, if you haven't already, as it has tons of good examples like the one which you are after.

How to get earliest time and latest time token in JOB

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms