Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Using a different time picker on an inner query

ShagVT
Path Finder
‎08-25-2020 07:13 AM

I'm working on dashboard in which I would like to compare data across two different time periods.  (I posted a previous question here: https://community.splunk.com/t5/Splunk-Search/Compare-percentages-with-a-week-ago/m-p/513799#M144200)

I would like to have two time pickers on my dashboard.  The first would be for time period 1 and the second would be for time period 2.  I have much of this worked out conceptually ... but I don't see how to have the second time picker work for the inner query.    In its simplest form it would look something like this:

<base query>

| append [search <base query> $timePicker2$]

| <collate data>

The question is how to make that timePicker2 actually work.  I have this working with just a dropdown that includes a handful of preset values like earliest=-169h@h latest=-168h@h to be "same hour last week"  but if i wanted to make it more flexible with a time picker, I don't understand how to make that work.

Tags (2)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-25-2020 07:35 AM

Hi

did this help you?

https://community.splunk.com/t5/Dashboards-Visualizations/Is-it-possible-to-override-a-base-search-l...

r. Ismo

0 Karma
Reply

ShagVT
Path Finder
‎08-25-2020 09:58 AM

@isoutamo - thanks for the link.  I don't see how to make that work.  How would I connect the time picker only to the inner search?  In that example, it looks like there are two separate queries in which the entire query is driven by its own picker, so I think that is solving a different problem.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...