Splunk Search

Token reference for TimeChart panel

synastraa
Path Finder

alt textalt text

Hi,

I am currently trying to do a drill down for my panel when i click on each month. However when I click on the month , the month retrieve was in epoch time format. How do i work around this so I can do drilldown for my timechart? Thanks

Best Regards,
Aloysius

Tags (1)
0 Karma
1 Solution

tiagofbmm
Influencer

You can use an eval token instead of the native "set" that Splunk UI uses.

    <drilldown>
      <set token="t">$click.value$</set>
      <eval token="t">strftime($click.value$,"%m")</eval>
    </drilldown>

This will set your token to the month number. For more info on date and times formats:

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Commontimeformatvariables

View solution in original post

tiagofbmm
Influencer

You can use an eval token instead of the native "set" that Splunk UI uses.

    <drilldown>
      <set token="t">$click.value$</set>
      <eval token="t">strftime($click.value$,"%m")</eval>
    </drilldown>

This will set your token to the month number. For more info on date and times formats:

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Commontimeformatvariables

synastraa
Path Finder

Thanks tiagofbmm,

this solved my question.

0 Karma
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...