Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Using a different time picker on an inner query

ShagVT
Path Finder
‎08-25-2020 07:13 AM

I'm working on dashboard in which I would like to compare data across two different time periods.  (I posted a previous question here: https://community.splunk.com/t5/Splunk-Search/Compare-percentages-with-a-week-ago/m-p/513799#M144200)

I would like to have two time pickers on my dashboard.  The first would be for time period 1 and the second would be for time period 2.  I have much of this worked out conceptually ... but I don't see how to have the second time picker work for the inner query.    In its simplest form it would look something like this:

<base query>

| append [search <base query> $timePicker2$]

| <collate data>

The question is how to make that timePicker2 actually work.  I have this working with just a dropdown that includes a handful of preset values like earliest=-169h@h latest=-168h@h to be "same hour last week"  but if i wanted to make it more flexible with a time picker, I don't understand how to make that work.

Tags (2)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-25-2020 07:35 AM

Hi

did this help you?

https://community.splunk.com/t5/Dashboards-Visualizations/Is-it-possible-to-override-a-base-search-l...

r. Ismo

0 Karma
Reply

ShagVT
Path Finder
‎08-25-2020 09:58 AM

@isoutamo - thanks for the link.  I don't see how to make that work.  How would I connect the time picker only to the inner search?  In that example, it looks like there are two separate queries in which the entire query is driven by its own picker, so I think that is solving a different problem.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...