Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

time token conversion and displaying in title

mortenb123
Path Finder
‎03-03-2016 04:55 AM

Hi All

How do I get $time1$ and $time2$to display in my panel title?
I've also tried with strftime(), but without success, I mostly worked with snapped timestamps,

  <fieldset submitButton="false">
    <input type="time" token="field1" searchWhenChanged="true">
      <label>Timeintervall</label>
      <default>
        <earliest>-2d@d</earliest>
        <latest>-1d@d</latest>
      </default>
      <change>
        <eval token="time1">relative_time(now(),"$field1.earliest$")</eval>
        <eval token="time2">relative_time(now(),"$field1.latest$")</eval>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>ID&amp;Payment app Successful $time1$ to $time2$</title>

It will only show either "" 0 or just show the variable.

Thanks

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

chimell
Motivator
‎03-15-2016 01:53 AM

Hi
I rectified just copy the search code below and test in your splunk web . It works well

<form>
<fieldset submitButton="false">
     <input type="time" token="field1" searchWhenChanged="true">
       <label>Timeintervall</label>
       <default>
         <earliest>-2d@d</earliest>
         <latest>-1d@d</latest>
       </default>
       <change>
         <eval token="time1">relative_time(now(),"-2d@d")</eval>
         <eval token="time2">relative_time(now(),"-1d@d")</eval>
       </change>
     </input>
   </fieldset>
   <row>
     <panel>
       <table>
         <title>Payment app Successful $time1$ to $time2$</title>

         <searchString>index=_internal|stats count by user</searchString>
         <earliestTime>$time1$</earliestTime>
         <latestTime>$time2$</latestTime>
       </table>
     </panel>
      </row>
     </form>

Look at the result

alt text

View solution in original post

Preview file
11 KB
Reply
Solved! Jump to solution
Solution

chimell
Motivator
‎03-15-2016 01:53 AM

Hi
I rectified just copy the search code below and test in your splunk web . It works well

<form>
<fieldset submitButton="false">
     <input type="time" token="field1" searchWhenChanged="true">
       <label>Timeintervall</label>
       <default>
         <earliest>-2d@d</earliest>
         <latest>-1d@d</latest>
       </default>
       <change>
         <eval token="time1">relative_time(now(),"-2d@d")</eval>
         <eval token="time2">relative_time(now(),"-1d@d")</eval>
       </change>
     </input>
   </fieldset>
   <row>
     <panel>
       <table>
         <title>Payment app Successful $time1$ to $time2$</title>

         <searchString>index=_internal|stats count by user</searchString>
         <earliestTime>$time1$</earliestTime>
         <latestTime>$time2$</latestTime>
       </table>
     </panel>
      </row>
     </form>

Look at the result

alt text

Preview file
11 KB
Reply
Solved! Jump to solution

mortenb123
Path Finder
‎03-15-2016 07:07 AM

Thanks, is it possible to then drop the first part, the field1 token and only use time1 and time2. Because the first one is not used.

0 Karma
Reply
Solved! Jump to solution

mortenb123
Path Finder
‎03-15-2016 01:38 AM

Anyone have a workaround, or solution here. in earlier versions of Splunk the timepicker wrote the iso timerange when the picker could not snap it.
I have lots of boards and it is very irritating that I cant write the timerange properly other than showing the snap values.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...