Relative Time Value to Timepicker Latest

hypePG · ‎03-12-2019

Hey,

I got a dashboard with different panels. They are all controlled by a single timepicker.
Usually the timeranges a several weeks. In one of the panels I want an overview for the last 24 hours relative to the latest time.

For Example:

Time range picked via the picker:
01.03.2019-8.03.2019
24h Overview should display events for this range:
07.03.2019-8.03.2019

I tried working with tokens and different method to calculate the new earliest time but didnt get it to work.
I think it will be a simple fix but I jsut cant get it atm.

Thanks in advance.

Max

vnravikumar · ‎03-12-2019

Hi @hypePG

Try like in that panel with

<row>
    <panel>
      <table>
        <search>
          <query>index="_internal" |stats count</query>
          <earliest>-24h@h</earliest>
          <latest>$time.latest$</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>

hypePG · ‎03-13-2019

hey,

thanks for your answer! tried this already, i get the error message:

Invalid latest_time: latest_time must be after earliest_time.

regards,

max

vnravikumar · ‎03-13-2019

are you passing timepickers latest time?

hypePG · ‎03-15-2019

yes i am:

    <search>
      <query>search</query>
      <earliest>-24h@h</earliest>
      <latest>$timepicker.latest$</latest>
      <sampleRatio>1</sampleRatio>
    </search>

vnravikumar · ‎03-15-2019

what is the time range that you have selected?

Relative Time Value to Timepicker Latest

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

Relative Time Value to Timepicker Latest

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!