Solved: time token conversion and displaying in title

mortenb123 · ‎03-03-2016

Hi All

How do I get $time1$ and $time2$to display in my panel title?
I've also tried with strftime(), but without success, I mostly worked with snapped timestamps,

  <fieldset submitButton="false">
    <input type="time" token="field1" searchWhenChanged="true">
      <label>Timeintervall</label>
      <default>
        <earliest>-2d@d</earliest>
        <latest>-1d@d</latest>
      </default>
      <change>
        <eval token="time1">relative_time(now(),"$field1.earliest$")</eval>
        <eval token="time2">relative_time(now(),"$field1.latest$")</eval>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>ID&amp;Payment app Successful $time1$ to $time2$</title>

It will only show either "" 0 or just show the variable.

Thanks

chimell · ‎03-15-2016

Hi
I rectified just copy the search code below and test in your splunk web . It works well

<form>
<fieldset submitButton="false">
     <input type="time" token="field1" searchWhenChanged="true">
       <label>Timeintervall</label>
       <default>
         <earliest>-2d@d</earliest>
         <latest>-1d@d</latest>
       </default>
       <change>
         <eval token="time1">relative_time(now(),"-2d@d")</eval>
         <eval token="time2">relative_time(now(),"-1d@d")</eval>
       </change>
     </input>
   </fieldset>
   <row>
     <panel>
       <table>
         <title>Payment app Successful $time1$ to $time2$</title>

         <searchString>index=_internal|stats count by user</searchString>
         <earliestTime>$time1$</earliestTime>
         <latestTime>$time2$</latestTime>
       </table>
     </panel>
      </row>
     </form>

Look at the result

View solution in original post

chimell · ‎03-15-2016

Hi
I rectified just copy the search code below and test in your splunk web . It works well

<form>
<fieldset submitButton="false">
     <input type="time" token="field1" searchWhenChanged="true">
       <label>Timeintervall</label>
       <default>
         <earliest>-2d@d</earliest>
         <latest>-1d@d</latest>
       </default>
       <change>
         <eval token="time1">relative_time(now(),"-2d@d")</eval>
         <eval token="time2">relative_time(now(),"-1d@d")</eval>
       </change>
     </input>
   </fieldset>
   <row>
     <panel>
       <table>
         <title>Payment app Successful $time1$ to $time2$</title>

         <searchString>index=_internal|stats count by user</searchString>
         <earliestTime>$time1$</earliestTime>
         <latestTime>$time2$</latestTime>
       </table>
     </panel>
      </row>
     </form>

Look at the result

mortenb123 · ‎03-15-2016

Thanks, is it possible to then drop the first part, the field1 token and only use time1 and time2. Because the first one is not used.

mortenb123 · ‎03-15-2016

Anyone have a workaround, or solution here. in earlier versions of Splunk the timepicker wrote the iso timerange when the picker could not snap it.
I have lots of boards and it is very irritating that I cant write the timerange properly other than showing the snap values.

time token conversion and displaying in title

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!