Solved: Problem with time selectors and datamodel

snemiro_514 · ‎11-07-2014

I'm migrating from index = .. notation to a datamodel definition.

I'm stuck with the use of the "earliest" and "latest" parameters in a search. Í have a drop list with time options and my search looks like:

index="index1" earliest=@$TimePeriod1$ latest=+1$TimePeriod1$@$TimePeriod1$| timechart count(...

where TimePeriod1 is a result of a drop down (d,w,mon,q)

Now with datamodels, I don't know where to select the time values.

| datamodel TEST SUCCESS search | search earliest=@$TimePeriod1$ latest=+1$TimePeriod1$@$TimePeriod1$| timechart count(...
doesn't work.

Any suggestion?

Thanks!

snemiro_514 · ‎11-10-2014

Using the tags instead of the search parameters solved the problem. Thanks Martin!

"martin_mueller ♦ ·

Why not set the time range in the earliest and latest time tags?
"

View solution in original post

snemiro_514 · ‎11-10-2014

Using the tags instead of the search parameters solved the problem. Thanks Martin!

"martin_mueller ♦ ·

Why not set the time range in the earliest and latest time tags?
"

martin_mueller · ‎06-29-2016

I see - tstats can search accelerated datamodels, and supports inline filtering by earliest and latest: http://docs.splunk.com/Documentation/Splunk/6.4.1/SearchReference/Tstats#Filtering_with_where

Kukkadapu · ‎06-29-2016

Thanks martin.

martin_mueller · ‎06-27-2016

http://docs.splunk.com/Documentation/Splunk/6.4.1/Viz/PanelreferenceforSimplifiedXML#search_element

Kukkadapu · ‎06-28-2016

Thanks Martin. I'll check the document and try it. Appreciate your time

Kukkadapu · ‎06-29-2016

Hi Matin, I've set the time range in the earliest and latest time tags and it worked fine.

But my use case is to join two datamodels and each datamodel has different time stamps. I can pass one time range for a datamodel but not sure how to do it for multiple datamodels? Any ideas?

Thanks.

Kukkadapu · ‎06-27-2016

Hi Martin,
Can you tell me how to set the time range in the earliest and latest time tags?

Thanks.

martin_mueller · ‎11-07-2014

Why not set the time range in the earliest and latest time tags?

snemiro_514 · ‎11-10-2014

Works like a charm. Thanks!

Kukkadapu · ‎06-27-2016

Hi Snemiro, Can you elaborate the fix? I mean how to use tags in search parameters with datamodel.

Thanks.

snemiro_514 · ‎11-07-2014

That might work. We are ending the day here. I will try it on Monday. Thank you, Martin!

martin_mueller · ‎11-07-2014

Why are you stuck with setting the time range in the search rather than using the regular time range?

snemiro_514 · ‎11-07-2014

The dashboard allows users to choose the time to compare between different periods of data. They can choose days, weeks, months, quarters, years, so I show a graphic of "this period" and "previous period".

Problem with time selectors and datamodel

Unlock Database Monitoring with Splunk Observability Cloud

Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

Problem with time selectors and datamodel

Unlock Database Monitoring with Splunk Observability Cloud

Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Splunk MCP & Agentic AI: Machine Data Without Limits