Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to implement time picker for dashboard ?

realajay89
Explorer
‎09-29-2014 05:07 AM

i want to know how splunk indexes for implementing in TimePicker in dashboard
this is my scenario .
My source data is in the form of csv. which i upload to splunk manually monthly once .
the data has no date or timestamp in it .
for example the columns names in csv is like this .

Page name , response time , total hits.
the source data name is for example " BTM_responsetime_July.csv
for the nxt month i upload another csv manually ( BTM_responsetime_August.csv)
i have wrote some search queries which gives statics of total hits and response time on dashboard .
i have implemented a Timepicker . which has option to choose date ranges ..
in search query . i have used wild card for source like " BTM_responsetime_*.csv .
so wen i choose date ranges in timepicker . the dashboard gives the statics between those specific date ranges.

Problem : i am not sure how the splunk is indexing .. As my data doesnt have any timestamps and dates and i am uploading data manually once every month .. i think splunk is taking date of upload as the only timestamp . based on which its giving result on dashboard. is it so ?? i want to know how indexing works in my case ??
Is there a way where we can tell splunk to take Timestamp from some lookup table .??

can anyone help me ?

0 Karma
Reply

linu1988
Champion
‎09-29-2014 05:34 AM

Hello Ajay,
That is not actually a problem from splunk end. You don't have enough data to tell splunk which date to take so automatically it takes the current system date from where you do the data upload. in your case timerange picker also should work fine if you can show it on a monthly basis. The query has to be formed likewise.

Regarding the lookup what exactly would you match up? If you do the lookup on the splunk query timerange picker will not have any effect as it looks for the splunk events rather than the non-existing data which is formed after the query is triggered. To have a the trend it will be better if you can have the same included in your csv file rather than going for lookup implementation which is quite expensive on maintenance and configuration.

Thanks,
L

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...