Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show custom time for PDF schedule report?

mahesh27
Communicator
‎09-28-2023 04:29 PM

Dashboard xml:
I am using this dashboard  to Schedule PDF report, and all panels are showing data for 7 days.
I need to show the time period at the top  of the report like
Time Period: 01-17-2023 to 01-23-2023
how can i do this??

 

 

<dashboard>
<label> Dashboard title</label>
<row>
<panel>
<title>first panel</title>
<single>
<search>
<query>|tstats count as internal_logs where index=_internal
</query>
<earliest>-7d@d</earliest>
<latest>@d</latest>
<sampleRatio>1<sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
</row>
<row>
<panel>
<title>second panel</title>
<single>
<search>
<query>|tstats count as audit_logs where index=_audit
</query>
<earliest>-7d@d</earliest>
<latest>@d</latest>
<sampleRatio>1<sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
</row>
<row>
<panel>
<title>Third panel</title>
<single>
<search>
<query>|tstats count as main_logs where index=main
</query>
<earliest>-7d@d</earliest>
<latest>@d</latest>
<sampleRatio>1<sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
</row>
</dashboard>

 

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

mahesh27
Communicator
‎09-29-2023 10:13 AM

Can anyone help on this??

Tags (1)
0 Karma
Reply

Thulasinathan_M
Contributor
‎09-29-2023 10:33 AM

Hi,
Try something like this, hope it works. You can hide the table and use the token on your panel title.

<row>
    <panel>
      <table depends="$hide$">
        <title>$Time_Period_Start$ $Time_Period_End$</title>
        <search>
          <query>| makeresults
| addinfo
| eval SearchStart = strftime(info_min_time, "%Y-%m-%d %H:%M:%S"), SearchEnd = strftime(info_max_time, "%Y-%m-%d %H:%M:%S")
| table SearchStart, SearchEnd</query>
          <earliest>-7d@d</earliest>
          <latest>@d</latest>
          <done>
            <set token="Time_Period_Start">$result.SearchStart$</set>
            <set token="Time_Period_End">$result.SearchEnd$</set>
          </done>
        </search>
      </table>
    </panel>
  </row>

 

0 Karma
Reply

mahesh27
Communicator
‎10-05-2023 01:37 PM

Hi @Thulasinathan_M , i tried your xml and generated PDF the  start and end date are showing as Invalid in PDF report.
And moreover can u take my xml and show me how to add tokens to the panels.
so that i can see start and end date in the report.

Tags (1)
0 Karma
Reply

Thulasinathan_M
Contributor
‎10-08-2023 07:17 AM

Hi,
Have you tried the one I shared, if yes please share me your updated dashboard xml. It's working for me I could see the time on report.

0 Karma
Reply

mahesh27
Communicator
‎10-13-2023 09:38 AM

Below is the complete xml.
here i am not getting how to add the token values to the other panels in the dashboard.
Can you help me on that


<dashboard>
<label> Dashboard title</label>
<row>
    <panel>
      <table depends="$hide$">
        <title>$Time_Period_Start$ $Time_Period_End$</title>
        <search>
          <query>| makeresults
| addinfo
| eval SearchStart = strftime(info_min_time, "%Y-%m-%d %H:%M:%S"), SearchEnd = strftime(info_max_time, "%Y-%m-%d %H:%M:%S")
| table SearchStart, SearchEnd</query>
          <earliest>-7d@d</earliest>
          <latest>@d</latest>
          <done>
            <set token="Time_Period_Start">$result.SearchStart$</set>
            <set token="Time_Period_End">$result.SearchEnd$</set>
          </done>
        </search>
      </table>
    </panel>
  </row>
<row>
<panel>
<title>first panel</title>
<single>
<search>
<query>|tstats count as internal_logs where index=_internal
</query>
<earliest>-7d@d</earliest>
<latest>@d</latest>
<sampleRatio>1<sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
</row>
<row>
<panel>
<title>second panel</title>
<single>
<search>
<query>|tstats count as audit_logs where index=_audit
</query>
<earliest>-7d@d</earliest>
<latest>@d</latest>
<sampleRatio>1<sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
</row>
<row>
<panel>
<title>Third panel</title>
<single>
<search>
<query>|tstats count as main_logs where index=main
</query>
<earliest>-7d@d</earliest>
<latest>@d</latest>
<sampleRatio>1<sampleRatio>
</search>
<option name="drilldown">none</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
</row>
</dashboard>



0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...