Dashboards & Visualizations

How to give last 7 days dates to the drop-down as input

prathapkcsc
Explorer

HI,
I have one dashboard, i've provided drop down option for selecting til last 7 days data. In that drop down list i given present day, yesterday like. But, i want to provide last 7 days dates in that place as my drop-down list input. Is there anyway to do that?

My xml files looks like below

<form>
  <label>7 days metrics</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="TIME_STRING" searchWhenChanged="true">
      <label>Select Day</label>
      <choice value="earliest=@d latest=now">Today</choice>
      <choice value="earliest=-d@d latest=@d">Yesterday</choice>
      <choice value="earliest=-2d@d latest=-d@d">2 Days Ago</choice>
      <choice value="earliest=-3d@d latest=-2d@d">3 Days Ago</choice>
      <choice value="earliest=-4d@d latest=-3d@d">4 Days Ago</choice>
      <choice value="earliest=-5d@d latest=-4d@d">5 Day Ago</choice>
      <choice value="earliest=-6d@d latest=-5d@d">6 Days Ago</choice>
      <choice value="eariiest=-7d@d latest=-6d@d">7 Days Ago</choice>
      <default>earliest=@d latest=now</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>$TIME_STRING$ 
          source="path\*" host="my" index="main"  | rex "^\s*(?<Type>[^,]+),\s*(?<Category>[^,]+),\s*(?<date>\d{4}-\d{2}-\d{2}),\s*(?<time>\d{2}\:\d{2}),\s*(?<Count>\d+),\s*(?<Cpu_Usage_Percentage>[^,]+),\s*(?<Total_Disk_TB>[^,]+),\s*(?<Used_Disk_TB>[^,]+),\s*(?<Total_Memory_GB>[^,]+),\s*(?<Used_Memory_GB>\S+)"
| table  _time Type Category  Count Cpu_Usage_Percentage Total_Disk_TB Used_Disk_TB Total_Memory_GB Used_Memory_GB</query>
          <earliest>-15m</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

Any help on this?

Tags (4)
0 Karma

bandit
Motivator

Thanks, all, based on your examples, I've created the following dashboard template for date selection. gentimes can be adjusted to your liking, I'm using gentimes start=-365 end=1 to cover a year

<form theme="dark">
  <label>Cascading Date Selector</label>
  <fieldset submitButton="false">
    <input type="radio" token="day_type" searchWhenChanged="true">
      <label>Day Type</label>
      <choice value="*">All</choice>
      <choice value="day_of_week IN (Mon,Tue,Wed,Thu,Fri)">Business Week (Mon-Fri)</choice>
      <choice value="day_of_week IN (Sat,Sun)">Weekends (Sat-Sun)</choice>
      <default>day_of_week IN (Mon,Tue,Wed,Thu,Fri)</default>
    </input>
    <input type="radio" token="year" searchWhenChanged="true">
      <label>Year</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>year</fieldForLabel>
      <fieldForValue>year</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ 
| dedup year 
| table year 
| sort -year</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="month" searchWhenChanged="true">
      <label>Month</label>
      <default>*</default>
      <fieldForLabel>month</fieldForLabel>
      <fieldForValue>month</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$  year=$year$ 
| dedup month 
| sort num(month_num) 
| table month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
    </input>
    <input type="dropdown" token="day_of_week" searchWhenChanged="true">
      <label>Day of Week</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>day_of_week</fieldForLabel>
      <fieldForValue>day_of_week</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ 
| dedup day_of_week 
| table day_of_week day_of_week_num 
| sort num(day_of_week_num) 
| table day_of_week</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="day_of_month" searchWhenChanged="true">
      <label>Day of Month</label>
      <choice value="*">All</choice>
      <fieldForLabel>day_of_month</fieldForLabel>
      <fieldForValue>day_of_month</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$
| dedup day_of_month 
| sort num(day_of_month) 
| table day_of_month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <default>*</default>
    </input>
    <input type="dropdown" token="date_time_range" searchWhenChanged="true">
      <label>Date</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>date</fieldForLabel>
      <fieldForValue>time_range</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$ day_of_month=$day_of_month$ $date_time_range$ 
| table date time_range</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Example query with subsearch to return date ranges as query constraints:</title>
      <html>  
  <strong href="" style="color:white">your base query
[| gentimes start=-365 end=1
| sort -starttime
| eval earliest=starttime
| eval latest=endtime
| eval time_range=\"earliest=\"+earliest+\" latest=\"+latest
| eval day_of_week=strftime(starttime,\"%a\")
| eval day_of_month=strftime(starttime,\"%d\")
| eval year=strftime(starttime,\"%Y\")
| eval month=strftime(starttime,\"%b\")
| eval date=strftime(starttime,\"%a %m-%d-%Y\")
| search year="+"$"+"year"+"$"+" month="+"$"+"month"+"$"+" day_of_month="+"$"+"day_of_month"+"$"+" day_of_week="+"$"+"day_of_week"+"$"+" "+"$"+"day_type"+"$"+" "+"$"+"date_time_range"+"$"+" 
| table earliest latest
| return 1000 earliest latest]
</strong>
  </html>
    </panel>
  </row>
  <row>
    <panel>
      <title>Dates</title>
      <table>
        <search>
          <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$
| table year month day_of_month day_of_week date time_range</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">100</option>
        <option name="drilldown">none</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_week">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
      </table>
    </panel>
    <panel>
      <title>Date  Constraints Returned</title>
      <table>
        <search>
          <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$ 
| table earliest latest 
| return 1000 earliest latest</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

nareshinsvu
Builder

Mate,

Use this in your search query of the dropdown. it gives last 7 days excluding today. And use "Dates" as fieldforLabel and value. It worked for me.

| gentimes start=-7 
| eval Dates=strftime(starttime,"%Y-%m-%d") 
| table Dates

nareshinsvu
Builder

@prathapkcsc

If it is resolved, accept and/upvote any of the replies which helped you.

0 Karma

patilsonali1729
Path Finder

index=indexname earliest=-7d@d
| eval Time=strftime(_time,"%m/%d/%Y")
| bin span=1d Time
| stats count by Time
| sort -Time

0 Karma

bandit
Motivator

Valid answer. Could be slow for large datasets. Same query with tstats

| tstats count where index=indexname earliest=-7d@d by _time
| bucket _time span=1d
| eval Time=strftime(_time,"%m/%d/%Y") 
| stats count by Time 
| sort -Time
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi prathapkcsc,

This run everywhere example should work:

<form>
   <label>7 days metrics</label>
   <fieldset submitButton="false">
     <input type="dropdown" token="TIME_STRING" searchWhenChanged="true">
       <label>Select Day</label>
       <choice value="earliest=@d latest=now">Today</choice>
       <choice value="earliest=-d@d latest=@d">Yesterday</choice>
       <choice value="earliest=-2d@d latest=-d@d">2 Days Ago</choice>
       <choice value="earliest=-3d@d latest=-2d@d">3 Days Ago</choice>
       <choice value="earliest=-4d@d latest=-3d@d">4 Days Ago</choice>
       <choice value="earliest=-5d@d latest=-4d@d">5 Day Ago</choice>
       <choice value="earliest=-6d@d latest=-5d@d">6 Days Ago</choice>
       <choice value="eariiest=-7d@d latest=-6d@d">7 Days Ago</choice>
       <default>earliest=@d latest=now</default>
     </input>
   </fieldset>
   <row>
     <panel>
       <table>
         <search>
            <query>
             index="_internal" $TIME_STRING$
             | rex "^\s*(?<Type>[^,]+),\s*(?<Category>[^,]+),\s*(?<date>\d{4}-\d{2}-\d{2}),\s*(?<time>\d{2}\:\d{2}),\s*(?<Count>\d+),\s*(?<Cpu_Usage_Percentage>[^,]+),\s*(?<Total_Disk_TB>[^,]+),\s*(?<Used_Disk_TB>[^,]+),\s*(?<Total_Memory_GB>[^,]+),\s*(?<Used_Memory_GB>\S+)"
             | table  _time Type Category  Count Cpu_Usage_Percentage Total_Disk_TB Used_Disk_TB Total_Memory_GB Used_Memory_GB
             </query>
           <sampleRatio>1</sampleRatio>
         </search>
         <option name="drilldown">none</option>
       </table>
     </panel>
   </row>
 </form>

I removed the earliest and latest option from the search and also changed the XML to use &lt; for < and the &gt; for >.

hope this helps ...

cheers, MuS

prathapkcsc
Explorer

You don't get my question.
I want to provide dates in drop-down list instead of today,1 day ago,2 days ago etc.
i want to give dates as drop-down list input.

0 Karma

MuS
SplunkTrust
SplunkTrust

ah I see .... let me have a look ....

0 Karma

bandit
Motivator

Updated my previous example to use tokens as input for the date ranges.

<form theme="dark">
  <label>Cascading Date Selector</label>
  <fieldset submitButton="false">
    <input type="radio" token="day_type" searchWhenChanged="true">
      <label>Day Type</label>
      <choice value="*">All</choice>
      <choice value="day_of_week IN (Mon,Tue,Wed,Thu,Fri)">Business Week (Mon-Fri)</choice>
      <choice value="day_of_week IN (Sat,Sun)">Weekends (Sat-Sun)</choice>
      <default>day_of_week IN (Mon,Tue,Wed,Thu,Fri)</default>
    </input>
    <input type="radio" token="year" searchWhenChanged="true">
      <label>Year</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>year</fieldForLabel>
      <fieldForValue>year</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ 
| dedup year 
| table year 
| sort -year</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="month" searchWhenChanged="true">
      <label>Month</label>
      <default>*</default>
      <fieldForLabel>month</fieldForLabel>
      <fieldForValue>month</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ 
| dedup month 
| sort num(month_num) 
| table month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
    </input>
    <input type="dropdown" token="day_of_week" searchWhenChanged="true">
      <label>Day of Week</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>day_of_week</fieldForLabel>
      <fieldForValue>day_of_week</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort -starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ 
| dedup day_of_week 
| table day_of_week day_of_week_num 
| sort num(day_of_week_num) 
| table day_of_week</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="dropdown" token="day_of_month" searchWhenChanged="true">
      <label>Day of Month</label>
      <choice value="*">All</choice>
      <fieldForLabel>day_of_month</fieldForLabel>
      <fieldForValue>day_of_month</fieldForValue>
      <search>
        <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort starttime 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$
| dedup day_of_month 
| sort num(day_of_month) 
| table day_of_month</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <default>*</default>
    </input>
    <input type="dropdown" token="date_time_range" searchWhenChanged="true">
      <label>Date</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>date</fieldForLabel>
      <fieldForValue>time_range</fieldForValue>
      <search>
        <query>| gentimes start=-365 end=1 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_week_num=strftime(starttime,"%w") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval month_num=strftime(starttime,"%m") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search $day_type$ year=$year$ month=$month$ day_of_week=$day_of_week$ day_of_month=$day_of_month$ $date_time_range$ 
| table date time_range</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
    <input type="text" token="days_to_look_back" searchWhenChanged="true">
      <label>Days to look back  365=1 year</label>
      <default>365</default>
    </input>
    <input type="text" token="days_to_look_forward" searchWhenChanged="true">
      <label>Days to look forward 1=Today</label>
      <default>1</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Example query with subsearch to return date ranges as query constraints:</title>
      <html>  
  <strong href="" style="color:white">your base query
[| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$
| sort -starttime
| eval earliest=starttime
| eval latest=endtime
| eval time_range=\"earliest=\"+earliest+\" latest=\"+latest
| eval day_of_week=strftime(starttime,\"%a\")
| eval day_of_month=strftime(starttime,\"%d\")
| eval year=strftime(starttime,\"%Y\")
| eval month=strftime(starttime,\"%b\")
| eval date=strftime(starttime,\"%a %m-%d-%Y\")
| search year="+"$"+"year"+"$"+" month="+"$"+"month"+"$"+" day_of_month="+"$"+"day_of_month"+"$"+" day_of_week="+"$"+"day_of_week"+"$"+" "+"$"+"day_type"+"$"+" "+"$"+"date_time_range"+"$"+" 
| table earliest latest
| return 1000 earliest latest]
</strong>
  </html>
    </panel>
  </row>
  <row>
    <panel>
      <title>Dates</title>
      <table>
        <search>
          <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$
| table year month day_of_month day_of_week date time_range</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">100</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="year">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_month">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="day_of_week">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
      </table>
    </panel>
    <panel>
      <title>Date  Constraints Returned</title>
      <table>
        <search>
          <query>| gentimes start=-$days_to_look_back$ end=$days_to_look_forward$ 
| sort -starttime 
| eval earliest=starttime 
| eval latest=endtime 
| eval time_range="earliest="+earliest+" latest="+latest 
| eval day_of_week=strftime(starttime,"%a") 
| eval day_of_month=strftime(starttime,"%d") 
| eval year=strftime(starttime,"%Y") 
| eval month=strftime(starttime,"%b") 
| eval date=strftime(starttime,"%a %m-%d-%Y") 
| search year=$year$ month=$month$ day_of_month=$day_of_month$ day_of_week=$day_of_week$ $day_type$ $date_time_range$ 
| table earliest latest 
| return 1000 earliest latest</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">true</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</form>

 

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...