Dashboard Studio working with Reports and Time Range

Cheng2Ready
Path Finder

I am currently using the new dashboard studio interface, they make calls to saved reports in Splunk.

Is there a way to have time range work for the dashboard, but also allow it to work with the reports?

The issue we face is that we are able to set the reports in the Studio dashboard, but the default is that they are stuck as static reports.

How can we add in a time range input that will work with the dashboard and the reports?

0 Karma

sainag_splunk
Splunk Employee

Hello @Cheng2Ready have you already tried this? https://docs.splunk.com/Documentation/Splunk/9.3.1/DashStudio/inputTimeRange

 

        "query": "index=web \n| chart count over product_name by host",
        "queryParameters": {
            "earliest": "$global_time.earliest$",
            "latest": "$global_time.latest$"
        }
    },
0 Karma

Cheng2Ready
Path Finder

@sainag_splunk 


Not sure where I'd add this source code

 "query": "index=web \n| chart count over product_name by host",
        "queryParameters": {
            "earliest": "$global_time.earliest$",
            "latest": "$global_time.latest$"
        }
    },


The current dashboard is using saved reports, so I'd imagine we'd be using
ds.savedSearch

0 Karma

Cheng2Ready
Path Finder

Is there a way we can also update the time range on the saved searches or reports?

"ds_saved_search_from_sr": {
 "type": "ds.savedSearch",
 "options": {
  "ref": "<your data source name>"
 },
 "name": "Saved Search Data Source From S&R"
}


how can I implement this to the one above?

{
    "type": "input.timerange",
    "options": {
       "token": "global",
       "defaultValue": "-15m,now"
    },
    "title": "Global Time Range"
}
0 Karma

sainag_splunk
Splunk Employee

I believe using parameters with ds.savedsearch is not supported. You can use parameters with a regular search using the savedsearch command.

 

Hope this helps. 

0 Karma

Cheng2Ready
Path Finder

@sainag_splunk 
tried and got this error
[/visualizations/viz_JOPhfhQli/options/y2AxisScale]: must match pattern.....
and many more.

0 Karma

sainag_splunk
Splunk Employee

Can you please try to use loadjob as mentioned in the document?

<search> 
    <query> | loadjob savedsearch="admin:search:SavedSearch"
    </query>    
</search> 

 

0 Karma

Cheng2Ready
Path Finder

So Inline searches would not work in this scenario

0 Karma

Cheng2Ready
Path Finder

@sainag_splunk 
This method did work until I found out that the users who are viewing the dashboard are not able to see the results, and it's due to not having access to the index.

The users who are viewing this dashboard are third party and people that we do not want to have access to the index (for example, users outside of the org).

Hence the reason the dashboard used saved reports, where it's viewable, but like I mentioned, we faced the issue of changing the time range picker since the saved reports are showing as static, where we wish to make it change as we specify a time range with the input.


 

 

0 Karma

Cheng2Ready
Path Finder

@sainag_splunk 
Correct me if I'm wrong but that doc is with Classical Dashboard where it uses XML code
we are using Dashboard Studio that works with JSON code.


0 Karma

sainag_splunk
Splunk Employee
Yes, you can also use the | loadjob command directly in the search in Dashboard Studio if you're trying to load up saved searches. I can take a look at the issue when I'm on my computer; please share your JSON code.
 
0 Karma

Cheng2Ready
Path Finder

@sainag_splunk Oh okay! 
where does adding in the Time range come in?
or how is it linked to the panel's search?


 

0 Karma

sainag_splunk
Splunk Employee

Hello! here is the document which explains using inputs. Please expand the code and look out here: https://docs.splunk.com/Documentation/SplunkCloud/9.2.2406/DashStudio/inputs

"inputs": {
        "input_global_trp": {
            "type": "input.timerange",
            "options": {
                "token": "global_time",
                "defaultValue": "-24h@h,now"
            },
            "title": "Global Time Range"
        },




This is the link for Link to a report: https://docs.splunk.com/Documentation/SplunkCloud/9.0.2305/DashStudio/linkURL#Link_to_a_report


If none of these are helping you out, please try creating your dashboard in classic and convert into studio, you might be able to find the difference.



 Please UpVote if this helps.

 

0 Karma

Cheng2Ready
Path Finder

@sainag_splunk 

This method did work until I found out that the users who are viewing the dashboard are not able to see the results, and it's due to not having access to the index.

The users who are viewing this dashboard are third party and people that we do not want to have access to the index (for example, users outside of the org).

Hence the reason the dashboard used saved reports, where it's viewable, but like I mentioned, we faced the issue of changing the time range picker since the saved reports are showing as static, where we wish to make it change as we specify a time range with the input.


 

So Inline searches would not work in this scenario

0 Karma

sainag_splunk
Splunk Employee

To solve your problem with third-party users and time range flexibility, try this:

  1. Make a new, summary index just for this data.
  2. Set up an automatic search that puts the data required in this new index regularly.
  3. Change your dashboard to use this new index.
  4. Give the third-party users access to only this new index.
  5. Now you can add a time range picker to your dashboard.



    Hope this helps. Karma would be appreciated. 

Cheng2Ready
Path Finder

@sainag_splunk 
Thank you. Is there another way?

We are trying to not give third-party users access to Splunk indexes.

All the best!

0 Karma

sainag_splunk
Splunk Employee

Multiple questions on the same post might be misleading to others in future. Please ask this as a new question.

For granting third-party access to Splunk dashboards, here are some options and best practices:

  1. Embedded reports: You can use Splunk's embed functionality to share specific reports or dashboards. This method allows you to control exactly what data is shared. Reference: https://docs.splunk.com/Documentation/Splunk/latest/Report/Embedscheduledreports
  2. Summary indexing and role-based access:
    • Collect relevant data in a summary index with a specific source.
    • Create a dedicated Splunk role for the third party.
    • Map this role to their AD/LDAP group.
    • Set search restrictions for this role to only access the required source/sourcetype, so you don't give access to the entire index.


Hope this helps. Karma would be appreciated. 

0 Karma
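
The summary-index and restricted-role approach from the two answers above, as an added configuration example that is not part of the original thread and not Splunk's own sample. The index, source, role and saved-search names are constructed for illustration; `index=web` and its fields come from the sample query earlier in the thread.

```ini
# Added example. Constructed names: summary_thirdparty, thirdparty_product_counts,
# role_thirdparty_viewer and the saved search title.

# ---- indexes.conf: dedicated index that holds only the data meant to be shared ----
[summary_thirdparty]
homePath   = $SPLUNK_DB/summary_thirdparty/db
coldPath   = $SPLUNK_DB/summary_thirdparty/colddb
thawedPath = $SPLUNK_DB/summary_thirdparty/thaweddb

# ---- savedsearches.conf: scheduled search that fills the summary index ----
# It runs as its owner, who can read index=web. Only the aggregated rows
# (time bucket, product_name, host, count) are copied, never the raw events.
[Third Party - Product Counts Summary]
search = index=web | bin _time span=15m | stats count by _time, product_name, host | collect index=summary_thirdparty source="thirdparty_product_counts"
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m

# ---- authorize.conf: role for the external viewers ----
# No importRoles line on purpose: index access granted by an inherited role
# would be added on top of the restriction below.
[role_thirdparty_viewer]
search = enabled
srchIndexesAllowed = summary_thirdparty
srchIndexesDefault = summary_thirdparty
# source is an indexed field, so this filter is applied to every search the role runs.
srchFilter = source="thirdparty_product_counts"
```

The dashboard's data source then becomes a regular search over `index=summary_thirdparty` with the `earliest`/`latest` queryParameters shown earlier in the thread, so the time range picker works without granting access to `index=web`. To check the restriction, log in as a test user holding only this role and confirm that a search on `index=web` returns nothing.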