Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the token name of the Search form's time range picker?

j_w_660
Engager
‎01-25-2017 01:03 PM

I want to display human readable timestamps for the Search form's default time range picker earliest and latest values. But, I can't figure out what the token name of the time range picker is.

I'm generating a SQL query to use in DB Connect and I want to specify the same time range in the SQL query as the time range picker on the Search form/page.

I'm looking for something like this to put into the SQL where clause:

| stats count | eval start=relative_time(now(), $earliest$) | convert ctime(start) | table start

where $earliest$ is coming from the standard/default time range picker.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎01-25-2017 02:35 PM

If your Splunk search is using the time range picker, you can try like this. The gentimes is just to generate one sample row. The addinfo command is what get the absolute epoch value of the selected time range picker value.

| gentimes start=-1  | addinfo | table info_min_time info_max_time | rename info_min_time  as earliest info_max_time as latest | convert ctime(earliest) ctime(latest)

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
SplunkTrust
SplunkTrust
‎01-25-2017 02:35 PM

If your Splunk search is using the time range picker, you can try like this. The gentimes is just to generate one sample row. The addinfo command is what get the absolute epoch value of the selected time range picker value.

| gentimes start=-1  | addinfo | table info_min_time info_max_time | rename info_min_time  as earliest info_max_time as latest | convert ctime(earliest) ctime(latest)
Reply
Solved! Jump to solution

DalJeanis
SplunkTrust
SplunkTrust
‎01-25-2017 02:38 PM

Somesoni2 - you should move that comment to be an answer so he can accept it. Addinfo is exactly what he needs.

0 Karma
Reply
Solved! Jump to solution

somesoni2
SplunkTrust
SplunkTrust
‎01-25-2017 01:58 PM

You want to add columns in the search result (from default search dashboard) OR you're creating a dashboard and want to selected timerange in some lebel/title?

0 Karma
Reply
Solved! Jump to solution

j_w_660
Engager
‎01-25-2017 02:05 PM

I'm generating a SQL query to use in DB Connect and I want to specify the same time range in the SQL query as the time range picker on the Search form/page.

I'm looking for something like this:

| stats count | eval start=relative_time(now(), $earliest$) | convert ctime(start) | table start

where $earliest$ is coming from the standard/default time range picker.

0 Karma
Reply
Solved! Jump to solution

somesoni2
SplunkTrust
SplunkTrust
‎01-25-2017 02:14 PM

Could you provide the SQL Query/Splunk Search that you're using right now? Are you using dbxquery or dbquery command to run the SQL and want to add current time range into WHERE clause somewhere?

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...