Solved: Token reference for TimeChart panel

synastraa · ‎07-09-2019

Hi,

I am currently trying to do a drill down for my panel when i click on each month. However when I click on the month , the month retrieve was in epoch time format. How do i work around this so I can do drilldown for my timechart? Thanks

Best Regards,
Aloysius

tiagofbmm · ‎07-09-2019

You can use an eval token instead of the native "set" that Splunk UI uses.

    <drilldown>
      <set token="t">$click.value$</set>
      <eval token="t">strftime($click.value$,"%m")</eval>
    </drilldown>

This will set your token to the month number. For more info on date and times formats:

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Commontimeformatvariables

View solution in original post

tiagofbmm · ‎07-09-2019

You can use an eval token instead of the native "set" that Splunk UI uses.

    <drilldown>
      <set token="t">$click.value$</set>
      <eval token="t">strftime($click.value$,"%m")</eval>
    </drilldown>

This will set your token to the month number. For more info on date and times formats:

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Commontimeformatvariables

synastraa · ‎07-10-2019

Thanks tiagofbmm,

this solved my question.

Token reference for TimeChart panel

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Token reference for TimeChart panel

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...