Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to replace "T" with a blank space for time input fields in a text input form?

purva13
Explorer
‎07-13-2015 11:22 AM

Hello,

I am trying queries in Splunk and learning it. I have a dashboard where there are two text inputs, From and To, where a user will enter time like this:
alt text

And I am passing it to earliestTime and latestTime like this:

<earliestTime>$from$</earliestTime>
<latestTime>$to$</latestTime>

Now, instead of T, I want a blank space. How can I do this?
I tried to use eval replace function, but that is not working.

[I don't want to use time-picker of Splunk.]

Preview file
14 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-13-2015 02:30 PM

You can set up an eval-based macro like this:

[my_strptime(1)]
args = time
definition = strptime("$time$", "%F %T")
iseval = 1

Then drop the earliest and latest elements from your search element and instead specify the time range directly in the search:

index=foo earliest=`my_strptime($from$)` latest=`my_strptime($to$)`

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-13-2015 02:30 PM

You can set up an eval-based macro like this:

[my_strptime(1)]
args = time
definition = strptime("$time$", "%F %T")
iseval = 1

Then drop the earliest and latest elements from your search element and instead specify the time range directly in the search:

index=foo earliest=`my_strptime($from$)` latest=`my_strptime($to$)`
Reply
Solved! Jump to solution

purva13
Explorer
‎07-17-2015 02:59 PM

Hey martin_mueller,

I tried this few days back and did't work. I was wondering what went wrong., it seems my macro was private. I worked perfect. Thanks a lot for the help!

0 Karma
Reply
Solved! Jump to solution

purva13
Explorer
‎07-13-2015 11:55 AM

I think I am not precise in my question. Instead of T in the time entered, I want a blank space so that it will be more convenient for the user. But when I do that, it is not accepting that time. Besides, I used strptime and strftime with eval, but I am not getting how can I pass it in ealiestTime and latestTime.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...