Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you deploy year wise filter in the splunk dashboard?

shailesh069
Engager
‎04-24-2019 02:52 AM

I get the string and match the string but it has to go through all the database , so getting performance issue

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎04-24-2019 08:03 AM

@shailesh069 can you share your current search, so we can help you improve it?

Should be as simple as: earliest="1/1/2018:00:00:00" latest="1/1/2019:00:00:00" to get all events from 2018.

Edit: for integrating that in a dashboard with a dropdown: Define a dropdown with the desired selection of years as names and the respective earliest/latest filters as values. Assign a token and use that token in your dashboard's search query.

View solution in original post

Reply
Solved! Jump to solution

shailesh069
Engager
‎04-24-2019 09:39 PM

@FrankVl But this " earliest="1/1/2018:00:00:00" latest="1/1/2019:00:00:00" " is hardcoded. I want a dropdown in the dashoard , in which if I select "2019" is in dropdown then it should filter the data in the dashboard according to that year. How can we do it.

What I did is I created a dropdown with the "2019", "2018", "2017" after that when user click it, I am doing my filter. So this way it has to see whole events to extract. But what I wan to do is when user clicks the "2019" the events restricted itself to the "2019" events

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-25-2019 12:11 AM

Then define a dropdown with those years as names and the respective earliest/latest filters as values. Assign a token and use that token in your dashboard's search query.

0 Karma
Reply
Solved! Jump to solution

shailesh069
Engager
‎04-25-2019 12:48 AM

@FrankVl Thanks a lot , I got it. I will try this.

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-25-2019 02:11 AM

Good luck. I changed my earlier comment to an answer and added this part as well. If it works for you, please mark that answer as accepted 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎04-24-2019 08:03 AM

@shailesh069 can you share your current search, so we can help you improve it?

Should be as simple as: earliest="1/1/2018:00:00:00" latest="1/1/2019:00:00:00" to get all events from 2018.

Edit: for integrating that in a dashboard with a dropdown: Define a dropdown with the desired selection of years as names and the respective earliest/latest filters as values. Assign a token and use that token in your dashboard's search query.

Reply
Solved! Jump to solution

p_gurav
Champion
‎04-24-2019 07:16 AM

Did you try using splunk internal field called date_year?

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎04-24-2019 08:01 AM

That is dangerous as it will only be available when splunk parses the time from the event content. If you have data sources where you use "current time" for the timestamp, it will not have those date_ fields. Also, those field can be disabled (for performance reasons).

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...