filtering using drop down for data that is coming from the DB

webnair
Explorer

Need to select data based on the time range. Currently it populates data for all time; instead I need to have it weekly, monthly, all time.
I've added a panel to Select Time Range but it still populates the data for "All Time". What changes are needed? I've attached my query below:

Summary

<input type="time" token="time_tok" searchWhenChanged="true">
  <label>Select Time Range</label>
  <default>
    <earliestTime>-7d@h</earliestTime>
    <latestTime>now</latestTime>
  </default>
</input>


<panel>
  <table>
    <title>ESD Summary</title>
    <searchString>|inputlookup currentesdorders.csv  | dedup ORDER_NUMBER | fields ESD_ORDER CREATION_DATE ORDER_TOTAL ITEM_DESCRIPTION  | eval ESD_ORDER=if(ESD_ORDER="Y","ESD","Physical") | eval ZERO_DOLLAR_ORDER=if(ORDER_TOTAL =0,1,0) | eval NON_ZERO_ORDER=if(ORDER_TOTAL =0,0,1) | eval _time=CREATION_DATE | eval WORKS_7=if(like(ITEM_DESCRIPTION,"%Works 7%"),1,0) | stats count(_time) as "Order Count" sum(NON_ZERO_ORDER) as "$ Orders" sum(ZERO_DOLLAR_ORDER) as "Zero Dollar Orders" sum(WORKS_7) as "Works 7 Orders" by ESD_ORDER | addcoltotals labelfield=ESD_ORDER label="Order Total"</searchString>
    <earliestTime>$time_tok.earliest$</earliestTime>
    <latestTime>$time_tok.latest$</latestTime>
    <option name="wrap">true</option>
    <option name="rowNumbers">false</option>
    <option name="dataOverlayMode">none</option>
    <option name="drilldown">cell</option>
    <option name="count">10</option>
  </table>
</panel>

chimell
Motivator

Hi webnair,
I think that your syntax is correct.
I advise you to put the panel tag inside a row tag and verify your query carefully.

If you use Splunk 6.2.x,
replace

<earliestTime></earliestTime> 
by
<earliest></earliest> do the same with latestTime

and 
replace 
<SearchTime></SearchTime>

by 
<Search><query></query></Search>

rsennett_splunk
Splunk Employee

You have a syntax problem. The tags are "earliest" and "latest" - there is no such thing as earliestTime or latestTime etc., if you are referring to the Splunk time settings. So:

This would be your Timepicker:

    <form>
      <label>answers</label>
      <fieldset submitButton="false">
        <input type="time" token="time_tok" searchWhenChanged="true">
          <label>Select Time Range</label>
          <default>
            <earliest>-7d@h</earliest>
            <latest>now</latest>
          </default>
        </input>
      </fieldset>
    </form>

Same with the table panel, you must fix those tags or there is no meaning...

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
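
The corrected form described in the answers above, as an added example that is not part of the original posts: the time picker and the table panel use `<earliest>`/`<latest>`, the query sits in `<search><query>`, and the panel is wrapped in a `<row>`. It goes beyond the answers in one respect: `inputlookup` does not apply the search time range to lookup rows, so the query filters on `_time` with `addinfo`. Assumptions: CREATION_DATE holds epoch seconds (convert it with `strptime` otherwise), and the form label is a placeholder.

```xml
<form>
  <label>ESD Orders (placeholder label)</label>
  <fieldset submitButton="false">
    <input type="time" token="time_tok" searchWhenChanged="true">
      <label>Select Time Range</label>
      <default>
        <earliest>-7d@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>ESD Summary</title>
        <search>
          <!-- addinfo exposes the picker's bounds as info_min_time and
               info_max_time; "All time" sets info_max_time to "+Infinity".
               Assumes CREATION_DATE is epoch seconds. -->
          <query><![CDATA[
| inputlookup currentesdorders.csv
| dedup ORDER_NUMBER
| fields ESD_ORDER CREATION_DATE ORDER_TOTAL ITEM_DESCRIPTION
| eval _time=CREATION_DATE
| addinfo
| where _time >= info_min_time AND (info_max_time="+Infinity" OR _time <= info_max_time)
| eval ESD_ORDER=if(ESD_ORDER="Y","ESD","Physical")
| eval ZERO_DOLLAR_ORDER=if(ORDER_TOTAL=0,1,0)
| eval NON_ZERO_ORDER=if(ORDER_TOTAL=0,0,1)
| eval WORKS_7=if(like(ITEM_DESCRIPTION,"%Works 7%"),1,0)
| stats count(_time) as "Order Count" sum(NON_ZERO_ORDER) as "$ Orders" sum(ZERO_DOLLAR_ORDER) as "Zero Dollar Orders" sum(WORKS_7) as "Works 7 Orders" by ESD_ORDER
| addcoltotals labelfield=ESD_ORDER label="Order Total"
          ]]></query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>
```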