I have panel which performs the look up on the csv file and have the additional code as below.
| eval _time=strptime(date,"%m/%d/%Y")
| where _time>=relative_time(now(),"-1q")
Now currently I have hard coded the the time range for last quarter data. When I tried to connect this panel to the Shared Time Picker, the values weren't getting updated as per the collection.
You advice would be appreciated!!
@khojas02 if you are using Splunk's Time Picker input then you can either use <change>
event handler with <eval>
to format selected time to epoch or string time as per your final format or use independent search to pass time picker inputs and use addinfo
in the SPL to get the time as epoch or string as per your need and pass the same as token to your search. Both the approaches have been explained in one of my previous answers. Please refer to the same to understand each approach: https://answers.splunk.com/answers/578984/running-one-of-two-searches-based-on-time-picker-s.html
PS: While using string time ensure you have time in format ensure %Y/%m/%d
format so that data remains sorted and filter can also be applied correctly on string time.
It looks like date is fixed value.