Dashboards & Visualizations

How to give last 7 days dates to the drop-down as input

prathapkcsc
Explorer

HI,
I have one dashboard, i've provided drop down option for selecting til last 7 days data. In that drop down list i given present day, yesterday like. But, i want to provide last 7 days dates in that place as my drop-down list input. Is there anyway to do that?

My xml files looks like below

<form>
  <label>7 days metrics</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="TIME_STRING" searchWhenChanged="true">
      <label>Select Day</label>
      <choice value="earliest=@d latest=now">Today</choice>
      <choice value="earliest=-d@d latest=@d">Yesterday</choice>
      <choice value="earliest=-2d@d latest=-d@d">2 Days Ago</choice>
      <choice value="earliest=-3d@d latest=-2d@d">3 Days Ago</choice>
      <choice value="earliest=-4d@d latest=-3d@d">4 Days Ago</choice>
      <choice value="earliest=-5d@d latest=-4d@d">5 Day Ago</choice>
      <choice value="earliest=-6d@d latest=-5d@d">6 Days Ago</choice>
      <choice value="eariiest=-7d@d latest=-6d@d">7 Days Ago</choice>
      <default>earliest=@d latest=now</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>$TIME_STRING$ 
          source="path\*" host="my" index="main"  | rex "^\s*(?<Type>[^,]+),\s*(?<Category>[^,]+),\s*(?<date>\d{4}-\d{2}-\d{2}),\s*(?<time>\d{2}\:\d{2}),\s*(?<Count>\d+),\s*(?<Cpu_Usage_Percentage>[^,]+),\s*(?<Total_Disk_TB>[^,]+),\s*(?<Used_Disk_TB>[^,]+),\s*(?<Total_Memory_GB>[^,]+),\s*(?<Used_Memory_GB>\S+)"
| table  _time Type Category  Count Cpu_Usage_Percentage Total_Disk_TB Used_Disk_TB Total_Memory_GB Used_Memory_GB</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

Any help on this?

Tags (4)
0 Karma

bandit
Motivator

Thanks, all, based on your examples, I've created the following dashboard template for date selection. gentimes can be adjusted to your liking, I'm using gentimes start=-365 end=1 to cover a year

<form theme="dark">
  <label>Cascading Date Selector</label>
  <fieldset submitButton="false">
    <input type="radio" token="day_type" searchWhenChanged="true">
      <label>Day Type</label>
      <choice value="*">All</choice>
      <choice value="day_of_week IN (Mon,Tue,Wed,Thu,Fri)">Business Week (Mon-Fri)</choice>
      <choice value="day_of_week IN (Sat,Sun)">Weekends (Sat-Sun)</choice>
      <default>day_of_week IN (Mon,Tue,Wed,Thu,Fri)</default>
    </input>
    <input type="radio" token="year" searchWhenChanged="true">
      <label>Year</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>year</fieldForLabel>
      <fieldForValue>year</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ 
| dedup year 
| table year 
| sort -year</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="month" searchWhenChanged="true">
      <label>Month</label>
      <default>*</default>
      <fieldForLabel>month</fieldForLabel>
      <fieldForValue>month</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$  year=$year$ 
| dedup month 
| sort num(month_num) 
| table month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
    </input>
    <input type="dropdown" token="day_of_week" searchWhenChanged="true">
      <label>Day of Week</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>day_of_week</fieldForLabel>
      <fieldForValue>day_of_week</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ 
| dedup day_of_week 
| table day_of_week day_of_week_num 
| sort num(day_of_week_num) 
| table day_of_week</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="day_of_month" searchWhenChanged="true">
      <label>Day of Month</label>
      <choice value="*">All</choice>
      <fieldForLabel>day_of_month</fieldForLabel>
      <fieldForValue>day_of_month</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$
| dedup day_of_month 
| sort num(day_of_month) 
| table day_of_month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <default>*</default>
    </input>
    <input type="dropdown" token="date_time_range" searchWhenChanged="true">
      <label>Date</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>date</fieldForLabel>
      <fieldForValue>time_range</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$ day_of_month=$day_of_month$ $date_time_range$ 
| table date time_range</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Example query with subsearch to return date ranges as query constraints:</title>
      <html>  
  <strong href="" style="color:white">your base query
[| gentimes start=-365 end=1
| sort -starttime
| eval earliest=starttime
| eval latest=endtime
| eval time_range=\"earliest=\"+earliest+\" latest=\"+latest
| eval day_of_week=strftime(starttime,\"%a\")
| eval day_of_month=strftime(starttime,\"%d\")
| eval year=strftime(starttime,\"%Y\")
| eval month=strftime(starttime,\"%b\")
| eval date=strftime(starttime,\"%a %m-%d-%Y\")
| search year="+"$"+"year"+"$"+" month="+"$"+"month"+"$"+" day_of_month="+"$"+"day_of_month"+"$"+" day_of_week="+"$"+"day_of_week"+"$"+" "+"$"+"day_type"+"$"+" "+"$"+"date_time_range"+"$"+" 
| table earliest latest
| return 1000 earliest latest]
</strong>
  </html>
    </panel>
  </row>
  <row>
    <panel>
      <title>Dates</title>
      <table>
        <search>
          <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$
| table year month day_of_month day_of_week date time_range</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">100</option>
        <option name="drilldown">none</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_week">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
      </table>
    </panel>
    <panel>
      <title>Date  Constraints Returned</title>
      <table>
        <search>
          <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$ 
| table earliest latest 
| return 1000 earliest latest</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

nareshinsvu
Builder

Mate,

Use this in your search query of the dropdown. it gives last 7 days excluding today. And use "Dates" as fieldforLabel and value. It worked for me.

| gentimes start=-7 
| eval Dates=strftime(starttime,"%Y-%m-%d") 
| table Dates

nareshinsvu
Builder

@prathapkcsc

If it is resolved, accept and/upvote any of the replies which helped you.

0 Karma

patilsonali1729
Path Finder

index=indexname earliest=-7d@d
| eval Time=strftime(_time,"%m/%d/%Y")
| bin span=1d Time
| stats count by Time
| sort -Time

0 Karma

bandit
Motivator

Valid answer. Could be slow for large datasets. Same query with tstats

| tstats count where index=indexname earliest=-7d@d by _time
| bucket _time span=1d
| eval Time=strftime(_time,"%m/%d/%Y") 
| stats count by Time 
| sort -Time
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi prathapkcsc,

This run everywhere example should work:

<form>
   <label>7 days metrics</label>
   <fieldset submitButton="false">
     <input type="dropdown" token="TIME_STRING" searchWhenChanged="true">
       <label>Select Day</label>
       <choice value="earliest=@d latest=now">Today</choice>
       <choice value="earliest=-d@d latest=@d">Yesterday</choice>
       <choice value="earliest=-2d@d latest=-d@d">2 Days Ago</choice>
       <choice value="earliest=-3d@d latest=-2d@d">3 Days Ago</choice>
       <choice value="earliest=-4d@d latest=-3d@d">4 Days Ago</choice>
       <choice value="earliest=-5d@d latest=-4d@d">5 Day Ago</choice>
       <choice value="earliest=-6d@d latest=-5d@d">6 Days Ago</choice>
       <choice value="eariiest=-7d@d latest=-6d@d">7 Days Ago</choice>
       <default>earliest=@d latest=now</default>
     </input>
   </fieldset>
   <row>
     <panel>
       <table>
         <search>
            <query>
             index="_internal" $TIME_STRING$
             | rex "^\s*(?<Type>[^,]+),\s*(?<Category>[^,]+),\s*(?<date>\d{4}-\d{2}-\d{2}),\s*(?<time>\d{2}\:\d{2}),\s*(?<Count>\d+),\s*(?<Cpu_Usage_Percentage>[^,]+),\s*(?<Total_Disk_TB>[^,]+),\s*(?<Used_Disk_TB>[^,]+),\s*(?<Total_Memory_GB>[^,]+),\s*(?<Used_Memory_GB>\S+)"
             | table  _time Type Category  Count Cpu_Usage_Percentage Total_Disk_TB Used_Disk_TB Total_Memory_GB Used_Memory_GB
             </query>
           <sampleRatio>1</sampleRatio>
         </search>
         <option name="drilldown">none</option>
       </table>
     </panel>
   </row>
 </form>

I removed the earliest and latest option from the search and also changed the XML to use &lt; for < and the &gt; for >.

hope this helps ...

cheers, MuS

prathapkcsc
Explorer

You don't get my question.
I want to provide dates in drop-down list instead of today,1 day ago,2 days ago etc.
i want to give dates as drop-down list input.

0 Karma

MuS
SplunkTrust
SplunkTrust

ah I see .... let me have a look ....

0 Karma

bandit
Motivator

Updated my previous example to use tokens as input for the date ranges.

<form theme="dark">
  <label>Cascading Date Selector</label>
  <fieldset submitButton="false">
    <input type="radio" token="day_type" searchWhenChanged="true">
      <label>Day Type</label>
      <choice value="*">All</choice>
      <choice value="day_of_week IN (Mon,Tue,Wed,Thu,Fri)">Business Week (Mon-Fri)</choice>
      <choice value="day_of_week IN (Sat,Sun)">Weekends (Sat-Sun)</choice>
      <default>day_of_week IN (Mon,Tue,Wed,Thu,Fri)</default>
    </input>
    <input type="radio" token="year" searchWhenChanged="true">
      <label>Year</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>year</fieldForLabel>
      <fieldForValue>year</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ 
| dedup year 
| table year 
| sort -year</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="month" searchWhenChanged="true">
      <label>Month</label>
      <default>*</default>
      <fieldForLabel>month</fieldForLabel>
      <fieldForValue>month</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ 
| dedup month 
| sort num(month_num) 
| table month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
    </input>
    <input type="dropdown" token="day_of_week" searchWhenChanged="true">
      <label>Day of Week</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>day_of_week</fieldForLabel>
      <fieldForValue>day_of_week</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ 
| dedup day_of_week 
| table day_of_week day_of_week_num 
| sort num(day_of_week_num) 
| table day_of_week</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="day_of_month" searchWhenChanged="true">
      <label>Day of Month</label>
      <choice value="*">All</choice>
      <fieldForLabel>day_of_month</fieldForLabel>
      <fieldForValue>day_of_month</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$
| dedup day_of_month 
| sort num(day_of_month) 
| table day_of_month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <default>*</default>
    </input>
    <input type="dropdown" token="date_time_range" searchWhenChanged="true">
      <label>Date</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>date</fieldForLabel>
      <fieldForValue>time_range</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$ day_of_month=$day_of_month$ $date_time_range$ 
| table date time_range</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="text" token="days_to_look_back" searchWhenChanged="true">
      <label>Days to look back  365=1 year</label>
      <default>365</default>
    </input>
    <input type="text" token="days_to_look_forward" searchWhenChanged="true">
      <label>Days to look forward 1=Today</label>
      <default>1</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Example query with subsearch to return date ranges as query constraints:</title>
      <html>  
  <strong href="" style="color:white">your base query
[| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$
| sort -starttime
| eval earliest=starttime
| eval latest=endtime
| eval time_range=\"earliest=\"+earliest+\" latest=\"+latest
| eval day_of_week=strftime(starttime,\"%a\")
| eval day_of_month=strftime(starttime,\"%d\")
| eval year=strftime(starttime,\"%Y\")
| eval month=strftime(starttime,\"%b\")
| eval date=strftime(starttime,\"%a %m-%d-%Y\")
| search year="+"$"+"year"+"$"+" month="+"$"+"month"+"$"+" day_of_month="+"$"+"day_of_month"+"$"+" day_of_week="+"$"+"day_of_week"+"$"+" "+"$"+"day_type"+"$"+" "+"$"+"date_time_range"+"$"+" 
| table earliest latest
| return 1000 earliest latest]
</strong>
  </html>
    </panel>
  </row>
  <row>
    <panel>
      <title>Dates</title>
      <table>
        <search>
          <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$
| table year month day_of_month day_of_week date time_range</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">100</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_week">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
      </table>
    </panel>
    <panel>
      <title>Date  Constraints Returned</title>
      <table>
        <search>
          <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$ 
| table earliest latest 
| return 1000 earliest latest</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...