
How can we pass time from a search to time picker and all other panels?

splunker9999
Path Finder

Hi,

We have 2 inputs:

1. The 1st input has a base search that gives a time value (consider peak time).
   Ex: time value is 03/21/2016 09:00:00

2. The 2nd input is a time picker. We need to pass the peak time on to the time picker as the earliest time, and the latest time should be 1 min greater than the earliest time.
   Ex: earliesttime = 03/21/2016 09:00:00 and latesttime = earliesttime + 1 min (03/21/2016 09:01:00)

All dashboard panels will take the 2nd input as the time value.

Can someone please help us with this customization?

Thanks


maciep
Champion

Something like this maybe?

<form>
  <label>Playing Around</label>
  <fieldset submitButton="true">
    <input type="dropdown" token="t_use_time" searchWhenChanged="true">
      <label>Found Time</label>
      <fieldForLabel>show_time</fieldForLabel>
      <fieldForValue>use_time</fieldForValue>
      <selectFirstChoice>true</selectFirstChoice>
      <search>
        <query>| tstats latest(_time) as last where index=_internal 
| eval use_time = relative_time(last,"-4h")
| eval show_time = strftime(use_time,"%D %H:%M:%S")</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <change>
        <eval token="form.t_time.earliest">$value$</eval>
        <eval token="form.t_time.latest">relative_time($value$,"+1m")</eval>
      </change>
    </input>
    <input type="time" token="t_time" searchWhenChanged="true" depends="my_earliest">
      <label>Choose Time:</label>
      <default>
        <earliest>-1h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>Test</title>
        <search>
          <query>|  tstats count where index=_internal by sourcetype</query>
          <earliest>$t_time.earliest$</earliest>
          <latest>$t_time.latest$</latest>
        </search>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>

The dropdown is a simple search to get a "peak" time. When that dropdown changes, it sets the earliest/latest values of the time picker accordingly: earliest is the value of the dropdown, latest is the value in the dropdown + 1 minute. Then the panel uses the time picker's earliest/latest values.
