[Solution] Dashboard global_time token value not s...

preview · ‎10-04-2022

For the search record:

I edited an already functional dashboard in the studio, tweaking the layout. Part of that was deleting and relocating the Time Input. Afterwards I was seeing this weirdness on all of the charts:

That started a "what does it mean and where is it coming from" search, eventually becoming an expert in the concept of Splunk tokens.

The problem was the re-insertion of the Time Input had it put into the wrong area of the dashboard. The solution was to edit the Source of the dashboard and cut and paste the defaults section out of the visualization section that it had been put into, and back into the top section.

"defaults": {
    "dataSources": {
        "ds.search": {
            "options": {
                "queryParameters": {
                    "latest": "$global_time.latest$",
                    "earliest": "$global_time.earliest$"
                }
            }
       }
    }
},

Additionally the name of the token had been modded to the intuitive value of tr_txndYpSb when putting back the Time Input so it needed to be changed back to global_time. Once that was done, the dashboard charts worked again.

"inputs": {
    "input_inmCH1Lw": {
        "options": {
            "defaultValue": "-7d@h,now",
            "token": "tr_txndYpSb"
        },
        "title": "Time Range Input Title",
        "type": "input.timerange"
    }
},

[Solution] Dashboard global_time token value not set

chart

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!