Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

Time Input to Form Not Working

$
0
0
Maybe I've been overthinking this, but for the life of me I cannot get my Time Input to my form working! I'm using this documentation: http://docs.splunk.com/Documentation/Splunk/6.1.1/Viz/FormEditor#Add_a_time_input_to_a_for and this is my search string from my report: index=main sourcetype=audit_main source=AUDIT_LOGS OS_USERNAME=%username% I didn't see anything in the documentation that says I need to edit this search string. Even more importantly, however, I do not see a "Search Icon" when I go to edit a panel, let alone an option to "Edit Search String" or use a Shared Time Picker. That said, I was able to get this partially working by playing around with the timerange a bit. My query works for items like last 15 minutes, last 24 hours, last 7 days, etc.....everything BUT for "All time". If I select "All time", get an error saying that they couldn't parse the search because of a comparator operator (Error in 'search' command: Unable to parse the search: Comparator '=' is missing a term on the right hand side.). My source code is as follows:
Audit Log from Unified Audit Trail (custom table).
**-24h@hnow
Customized Audit Logindex=main sourcetype=audit_main source=AUDIT_LOGS OS_USERNAME=$username$ earliest=$timerange.earliest$ latest=$timerange.latest$1
What is going on? What am I doing wrong? Would greatly appreciate any help!

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>