Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Mutiple timepicker for same search

ma_anand1984
Contributor
‎05-29-2013 10:56 PM

I'm having a query that has a sub-search. I want to pass one time-period to outer query and another to sub-search.

I would like to do that using TWO Time Pickers.

How can i make it work. I can i uniquely identify a time picker?

Anand

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-30-2013 09:58 AM

The ValueSetter trick should work. In the below don't think of the $search.timeRange.earliest$ and $search.timeRange.latest$ keys as the actual keys that TimeRangePicker outputs, or you'll make some bad assumptions. Instead think of them as a convenient second way that Sideview Utils gives you to get the timerange arguments. Basically the two value setters use these keys to stash away the first timerange before it gets clobbered by the second timerange. 

<module name="TimeRangePicker">
  <param name="allowSoftSubmit">True</param>
  <param name="default">Last 7 days</param>

  <module name="ValueSetter">
    <param name="name">stashedEarliest</param>
    <param name="value">$search.timeRange.earliest$</param>

    <module name="ValueSetter">
      <param name="name">stashedLatest</param>
      <param name="value">$search.timeRange.latest$</param>

      <module name="TimeRangePicker">
        <param name="allowSoftSubmit">True</param>
        <param name="default">Last 24 hours</param>

I would make sure you're on latest Sideview Utils though, because in the 100+ bugs and fixes between 1.3.X and 2.X I'm pretty sure there were some problems found and fixed around these timerange keys.

View solution in original post

Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎05-30-2013 09:58 AM

The ValueSetter trick should work. In the below don't think of the $search.timeRange.earliest$ and $search.timeRange.latest$ keys as the actual keys that TimeRangePicker outputs, or you'll make some bad assumptions. Instead think of them as a convenient second way that Sideview Utils gives you to get the timerange arguments. Basically the two value setters use these keys to stash away the first timerange before it gets clobbered by the second timerange. 

<module name="TimeRangePicker">
  <param name="allowSoftSubmit">True</param>
  <param name="default">Last 7 days</param>

  <module name="ValueSetter">
    <param name="name">stashedEarliest</param>
    <param name="value">$search.timeRange.earliest$</param>

    <module name="ValueSetter">
      <param name="name">stashedLatest</param>
      <param name="value">$search.timeRange.latest$</param>

      <module name="TimeRangePicker">
        <param name="allowSoftSubmit">True</param>
        <param name="default">Last 24 hours</param>

I would make sure you're on latest Sideview Utils though, because in the 100+ bugs and fixes between 1.3.X and 2.X I'm pretty sure there were some problems found and fixed around these timerange keys.

Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎05-31-2013 10:13 AM

I'm afraid you do need two. I've considered an alternate way of using ValueSetter, where you specify <param name="arg.someName">someValue</param>. This would only be an alternate way, not a replacement for the straight up name/value params. However this is still only at the tinkering stage and other priorities have consistently risen higher in the queue.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎05-31-2013 02:46 AM

Two param tags with the same name ("name", "value") would then overwrite each other.

0 Karma
Reply
Solved! Jump to solution

ma_anand1984
Contributor
‎05-30-2013 08:26 PM

Thank you, do we really need to use two Valusetter module, i thought we can use two name value pairs in same module

0 Karma
Reply
Solved! Jump to solution

ma_anand1984
Contributor
‎05-30-2013 04:36 AM

thank you. I thought of the same. I'm currently using a custom made pulldown

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎05-30-2013 12:50 AM

The only way I see would be to rewrite the keys from the first TimeRangePicker with a ValueSetter to avoid being overwritten by the second TimeRangePicker - I have no idea whether this will work or not though.

Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...