- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Custome Time picker
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Custome Time picker
in below query its showing time picker data or time as per time picker. but i want if i select last 30 days in time picker it should show date of last 30 days ,if i select date range it should be show same date in my coloum and if select last last month it should be showing date on start date
tsest _time
<input type="time" token="timepicker">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<panel>
<table>
<search>
<query>| makeresults |eval start_date="$timepicker.earliest$", end_date="$timepicker.latest$"|table start_date,end_date</query>
<earliest>$timepicker.earliest$</earliest>
<latest>$timepicker.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<option name="count">20</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
</panel>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is your issue fixed?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@abhishekdubey006 refer to one of my older answer where based on the time picker selection, the earliest and latest time is set as String Time and Epoch Time (along with duration) using two options. https://answers.splunk.com/answers/578984/running-one-of-two-searches-based-on-time-picker-s.html
Please try out and confirm!
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
As per my understanding, I have designed the below query which prints the start date and end date according to the date selected in the time picker,
| makeresults
| eval start_date="$timepicker.earliest$", end_date="$timepicker.latest$"
| eval x = if(isnum(start_date),start_date,relative_time(now(), start_date))
| eval y = if(isnum(end_date),end_date,case(end_date == "now", now(), end_date == "", now(), 1=1,relative_time(now(), end_date)))
| convert timeformat="%d-%m-%Y %H:%M:%S" ctime(x) AS StartDate
| convert timeformat="%d-%m-%Y %H:%M:%S" ctime(y) AS EndDate
| table StartDate, EndDate
It handles all the cases, which are present in the time picker except real time as make result doesn't support that.
Supported cases are given below,
- presets
- relative
- date range
- date and time range
- advanced
Note:
- In case you select any time range in which the time interval becomes [beginning of time, any time] then the start date will be empty.
Happy Splunking!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
If you are looking to display the date, you can do the following:
| makeresults |stats earliest(_time) as start_date, latest(_time) as end_date
|eval start_date=strftime(start_date, "%D"), end_date=strftime(end_date, "%D")
|table start_date,end_date
Index This | I’m short for "configuration file.” What am I?
New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...
Your Guide to SPL2 at .conf24!
