I have created a time input and also two text boxes to pass earliest and latest values to the searches.
When I select the time range from the time input, earliest and latest needs to be ignored.
index=_internal sourcetype=splunkd | stats count --> This is for last seven days.
when i pass earliest and latest to the search, time input should be ignored.
earliest=06/01/2021:00:00:00 latest=06/02/00:00:00 index=_internal sourcetype=splunk | stats count
I have this code:
<fieldset submitButton="true">
<input type="dropdown" token="choose">
<label>choose</label>
<choice value="timeRange">timeRange</choice>
<choice value="specificWindow">specificWindow</choice>
<change>
<condition label="timeRange">
<set token="timeRange">true</set>
<unset token="earliestLatest"></unset>
</condition>
<condition label="specificWindow">
<unset token="timeRange"></unset>
<set token="earliestLatest">true</set>
</condition>
</change>
<default>specificWindow</default>
</input>
<input type="time" token="timerange" depends="$timeRange$">
<label>Time</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="text" token="earliestTime" depends="$earliestLatest$">
<label>StartDate</label>
<default></default>
</input>
<input type="text" token="latestTime" depends="$earliestLatest$">
<label>EndDate</label>
<default></default>
</input>
How can i do this?
<form>
<label>Time test</label>
<fieldset submitButton="true">
<input type="dropdown" token="choose">
<label>choose</label>
<choice value="timeRange">timeRange</choice>
<choice value="specificWindow">specificWindow</choice>
<change>
<condition label="timeRange">
<set token="timeRange">true</set>
<unset token="earliestLatest"></unset>
</condition>
<condition label="specificWindow">
<unset token="timeRange"></unset>
<set token="earliestLatest">true</set>
</condition>
</change>
<default>specificWindow</default>
</input>
<input type="time" token="timerange" depends="$timeRange$">
<label>Time</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
<change>
<set token="form.earliestTime">$earliest$</set>
<set token="form.latestTime">$latest$</set>
</change>
</input>
<input type="text" token="earliestTime" depends="$earliestLatest$">
<label>StartDate</label>
<default></default>
<change>
<set token="form.timerange.earliest">$value$</set>
</change>
</input>
<input type="text" token="latestTime" depends="$earliestLatest$">
<label>EndDate</label>
<default></default>
<change>
<set token="form.timerange.latest">$value$</set>
</change>
</input>
</fieldset>
<row>
<panel>
<title>timerange $timerange.earliest$ - $timerange.latest$ earliest $earliestTime$ latest $latestTime$</title>
<table>
<search>
<query>index=_internal
| stats count by log_level</query>
<earliest>$timerange.earliest$</earliest>
<latest>$timerange.latest$</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
@ITWhisperer , Thanks a ton!! It worked like a charm.
@ITWhisperer , Thank you for the response!!
I was able to retrieve events when i give time range both in text box and the time input. But the problem is when the give time range in the format: %m/%d/%y:%HH:%MM:%SS in the text boxes it's not working. It's throwing me an exception as "Invalid earliest_time".
Please find the screenshot attached.
You could try parsing and formatting the time between input types (note I have use one format but you may want to use a different one)
<form>
<label>Time test</label>
<fieldset submitButton="true">
<input type="dropdown" token="choose">
<label>choose</label>
<choice value="timeRange">timeRange</choice>
<choice value="specificWindow">specificWindow</choice>
<change>
<condition label="timeRange">
<set token="timeRange">true</set>
<unset token="earliestLatest"></unset>
</condition>
<condition label="specificWindow">
<unset token="timeRange"></unset>
<set token="earliestLatest">true</set>
</condition>
</change>
<default>specificWindow</default>
</input>
<input type="time" token="timerange" depends="$timeRange$">
<label>Time</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
<change>
<eval token="form.earliestTime">strftime(relative_time(now(),$earliest$),"%Y/%m/%d %H:%M:%S")</eval>
<eval token="form.latestTime">strftime(relative_time(now(),$latest$),"%Y/%m/%d %H:%M:%S")</eval>
</change>
</input>
<input type="text" token="earliestTime" depends="$earliestLatest$">
<label>StartDate</label>
<default></default>
<change>
<eval token="form.timerange.earliest">strptime($value$,"%Y/%m/%d %H:%M:%S")</eval>
</change>
</input>
<input type="text" token="latestTime" depends="$earliestLatest$">
<label>EndDate</label>
<default></default>
<change>
<eval token="form.timerange.latest">strptime($value$,"%Y/%m/%d %H:%M:%S")</eval>
</change>
</input>
</fieldset>
<row>
<panel>
<title>timerange $timerange.earliest$ - $timerange.latest$ earliest $earliestTime$ latest $latestTime$</title>
<table>
<search>
<query>index=_internal
| stats count by log_level</query>
<earliest>$timerange.earliest$</earliest>
<latest>$timerange.latest$</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>
<form>
<label>Time test</label>
<fieldset submitButton="true">
<input type="dropdown" token="choose">
<label>choose</label>
<choice value="timeRange">timeRange</choice>
<choice value="specificWindow">specificWindow</choice>
<change>
<condition label="timeRange">
<set token="timeRange">true</set>
<unset token="earliestLatest"></unset>
</condition>
<condition label="specificWindow">
<unset token="timeRange"></unset>
<set token="earliestLatest">true</set>
</condition>
</change>
<default>specificWindow</default>
</input>
<input type="time" token="timerange" depends="$timeRange$">
<label>Time</label>
<default>
<earliest>-7d@h</earliest>
<latest>now</latest>
</default>
<change>
<set token="form.earliestTime">$earliest$</set>
<set token="form.latestTime">$latest$</set>
</change>
</input>
<input type="text" token="earliestTime" depends="$earliestLatest$">
<label>StartDate</label>
<default></default>
<change>
<set token="form.timerange.earliest">$value$</set>
</change>
</input>
<input type="text" token="latestTime" depends="$earliestLatest$">
<label>EndDate</label>
<default></default>
<change>
<set token="form.timerange.latest">$value$</set>
</change>
</input>
</fieldset>
<row>
<panel>
<title>timerange $timerange.earliest$ - $timerange.latest$ earliest $earliestTime$ latest $latestTime$</title>
<table>
<search>
<query>index=_internal
| stats count by log_level</query>
<earliest>$timerange.earliest$</earliest>
<latest>$timerange.latest$</latest>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</table>
</panel>
</row>
</form>