Solved: How to link dynamically the range time picker with...

jip31 · ‎11-17-2022

hi

as you can see I use a relative time in my search in order to filter events on today between 7h and 19h

earliest=@d+7h latest=@d+19h

Now I would like to be able to link this relative time with my timepicher in order to change the period slot, for example I need to display events on the last 7 days between 7h and 19 or on the last 24h between 7h and 19h

is it possible to do that?

thanks

<form>
  <label>CAP</label>
  <fieldset submitButton="false">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <query>`index_mes` sourcetype=web_request earliest=@d+7h latest=@d+19h

PaulPanther · ‎11-17-2022

One solution could be to define a customized timepicker https://community.splunk.com/t5/All-Apps-and-Add-ons/Limit-choices-in-default-TIMEPICKER/

or something like this

<form>
  <label>CAP</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="earliest_day">
      <label></label>
      <choice value="-1d">Yesterday</choice>
      <choice value="-7d">Last_Week</choice>
      <default>-1d</default>
 <change>
   <condition value="-1d">
   </condition>
   <condition>
   <set token="latest_day">>-1d</set>
   </condition>
  </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <query>`index_mes` sourcetype=web_request earliest=$earliest_day$@d+7h latest=$latest_day$@d+19h

View solution in original post

richgalloway · ‎11-17-2022

You could modify the query to filter results based on the hour.

<form>
  <label>CAP</label>
  <fieldset submitButton="false">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <query>`index_mes` sourcetype=web_request 
| where (date_hour > 7 AND date_hour < 19)

If the date_hour field is not available in your events then you can extract it from _time.

---
If this reply helps you, Karma would be appreciated.

PaulPanther · ‎11-17-2022

One solution could be to define a customized timepicker https://community.splunk.com/t5/All-Apps-and-Add-ons/Limit-choices-in-default-TIMEPICKER/

or something like this

<form>
  <label>CAP</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="earliest_day">
      <label></label>
      <choice value="-1d">Yesterday</choice>
      <choice value="-7d">Last_Week</choice>
      <default>-1d</default>
 <change>
   <condition value="-1d">
   </condition>
   <condition>
   <set token="latest_day">>-1d</set>
   </condition>
  </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <query>`index_mes` sourcetype=web_request earliest=$earliest_day$@d+7h latest=$latest_day$@d+19h

jip31 · ‎11-17-2022

perfect thanks

How to link dynamically the range time picker with a relative time?

other

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life