Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to implement time picker for dashboard ?

realajay89
Explorer
‎09-29-2014 05:07 AM

i want to know how splunk indexes for implementing in TimePicker in dashboard
this is my scenario .
My source data is in the form of csv. which i upload to splunk manually monthly once .
the data has no date or timestamp in it .
for example the columns names in csv is like this .

Page name , response time , total hits.
the source data name is for example " BTM_responsetime_July.csv
for the nxt month i upload another csv manually ( BTM_responsetime_August.csv)
i have wrote some search queries which gives statics of total hits and response time on dashboard .
i have implemented a Timepicker . which has option to choose date ranges ..
in search query . i have used wild card for source like " BTM_responsetime_*.csv .
so wen i choose date ranges in timepicker . the dashboard gives the statics between those specific date ranges.

Problem : i am not sure how the splunk is indexing .. As my data doesnt have any timestamps and dates and i am uploading data manually once every month .. i think splunk is taking date of upload as the only timestamp . based on which its giving result on dashboard. is it so ?? i want to know how indexing works in my case ??
Is there a way where we can tell splunk to take Timestamp from some lookup table .??

can anyone help me ?

0 Karma
Reply

linu1988
Champion
‎09-29-2014 05:34 AM

Hello Ajay,
That is not actually a problem from splunk end. You don't have enough data to tell splunk which date to take so automatically it takes the current system date from where you do the data upload. in your case timerange picker also should work fine if you can show it on a monthly basis. The query has to be formed likewise.

Regarding the lookup what exactly would you match up? If you do the lookup on the splunk query timerange picker will not have any effect as it looks for the splunk events rather than the non-existing data which is formed after the query is triggered. To have a the trend it will be better if you can have the same included in your csv file rather than going for lookup implementation which is quite expensive on maintenance and configuration.

Thanks,
L

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...