![]() However, time ranges specified directly in the base search do not apply to subsearches. Time ranges selected from the Time Range Picker apply to the base search and to subsearches. Because the search does not specify the latest time modifier, the default value now is used for latest.įor more information, see Specify time modifiers in your search in the Search Manual. The search uses the time specified in the time modifier and ignores the time in the Time Range Picker. You add the time modifier earliest=-2d to your search syntax. When you use a time modifier in the SPL syntax, that time overrides the time specified in the Time Range Picker.įor example, suppose your search uses yesterday in the Time Range Picker. This example uses which is a date format variable. Searching with relative time modifiers, earliest or latest, finds every event with a timestamp beginning, ending, or between the specified timestamps.įor example, when you search for the search finds every event with a _time value since midnight. This timestamp, which is the time when the event occurred, is saved in UNIX time notation. When an event is processed by Splunk software, its timestamp is saved as the default field _time. Before any user clicks a visualization, a pie chart visualization will display the results for POST, preventing an empty visualization.Use time modifiers to customize the time range of a search or change the format of the timestamps in the search results. The example also sets the default value POST on the token method. Notice how the token is given the name method in the column chart's options and how that name is used in the token name syntax as $method$ in Search_2. The following is a source code example of setting a token. The data connection between the two visualizations is achieved by setting up a token on the column chart $method$= and passing the $method$ token to the search in the pie chart. When users click on a method in the column chart, the pie chart shows a breakdown of all response codes for the clicked method. One is a column chart that displays HTTP methods and their usage frequency, and the other is a pie chart that shows the analysis of HTTP response codes for a given HTTP method. You can specify a token that passes along information between different visualizations. To set default token values for inputs, see Adding and configuring inputs. The following is an example of a defaults section after a token receives a default setting. After setting your default, the defaults section of your dashboard definition updates with a tokens section. You can set a default token in the UI by navigating to the Drilldown Settings of the Configuration panel and following the steps for setting a token. Use default tokens to display data and prevent empty visualizations. Without a default token, a visualization will remain blank until a user interacts with a dashboard element associated with a token. For example, a token can update when a user clicks on a visualization. ![]() A token's value will change and update when users interact with dashboard elements. Add your token to a search or visualization within your dashboard.Ī token's default value exists for the moments before a user has interacted with a dashboard component.For more details about default token values, see Default token. (Optional) In the Default Value field, enter a default value.row.value is the value in the specified series corresponding to the location clicked.value is the value of the location clicked.name is the field name of the value/location clicked.In the Choose an event field, select either name, value, or row.value.Token names are used to reference the token elsewhere in the dashboard with the $token_name$ syntax ![]() In the Create a name field, type a name for your token.A predefined token captures information to display dynamically. ![]()
0 Comments
Leave a Reply. |