Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Add a filter on time field in a dashboard (to search a specific day)

kvnpichon
Path Finder
‎07-27-2020 06:09 AM

Hello Splunkers,

I have created a dashboard about the number of events indexed per day (history).

This what it looks like :

history_indexing_dashboard.png

 

 

 

 

 

My question is, how can I create a select/search field to be able to specify a date (format : YYYY-MM-DD) and display the number of events for this specific date  ?

For example I specify the "2020-07-26" date in the search field  and the dashboard must displays the only line with the date and the number of events at this date (Number of Events = 107119 in the example).

Hope you can help me,

Regards

Labels (3)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

kvnpichon
Path Finder
‎07-28-2020 12:51 AM

Hello,

I found a solution to my issue :

I used a time range picker and used the $time$ token.

In the source code of my dashboard (xml) I added 2 lines just after the query  :

<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>

So, now its looks like :

kvnpichon_0-1595922643868.png

Thanks for reply.

View solution in original post

Reply
Solved! Jump to solution

spitchika
Path Finder
‎07-27-2020 08:24 AM

1# Best way is, populate all your _time into Dropdown input and select from there. You can just include dropdown and in search string you can give a query to populate dates (I think you already have that query based on your screenshot)

2# in case your dates are too many then its difficult to select from drop down, in that case you can go with "Textbox" input type, It will act as variable in programming language :).

0 Karma
Reply
Solved! Jump to solution

spitchika
Path Finder
‎07-27-2020 08:27 AM

In both these cases you need to use input field token in your query like $Token$ to use it as variable.

Reply
Solved! Jump to solution
Solution

kvnpichon
Path Finder
‎07-28-2020 12:51 AM

Hello,

I found a solution to my issue :

I used a time range picker and used the $time$ token.

In the source code of my dashboard (xml) I added 2 lines just after the query  :

<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>

So, now its looks like :

kvnpichon_0-1595922643868.png

Thanks for reply.

Reply
Get Updates on the Splunk Community!

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...