Help Center Logpoint Docs Idea Portal Logpoint.com
Question

Using Timestamp in Search Template Variable?

  • 21 March 2022
  • 4 replies
  • 203 views
markus.nebel@8com.de
Userlevel 4
Badge +8

Is it somehow possible to use a timestamp in a search template variable?

For example I want to compare log_ts to be between two timestamps.

Therefore I added “fields” in the template config and added them to base queries. But it always either complains about the quotes (“) or the slashes inside the timestamp string (e.g. "2022/03/10 08:30:22").

See the example below:

If I now use the base queries in widget, it throws the said errors.

Detailed configuration to reproduce as follows:

Fields: 

Field Display Text Value
start_session_timestamp Session Start Timestamp 2022/03/10 08:30:22
end_session_timestamp Session End Timestamp 2022/03/10 09:30:22

 

Basequeries:

step2_between_timestamps 
log_ts >= "{{ start_session_timestamp }}" log_ts <= "{{ end_session_timestamp }}"

 

 

Widget:

Name Test
Query 
{{step2_between_timestamps}}

 
Timerange 1 Day

Is this a bug or am I doing it wrong?

4 replies

Mike Blomgren
Rank
Userlevel 1

Hi,

In the Search Template, there is an option to select the Time Range - which effectively uses col_ts. Instead of having two input fields, you can use the “Override widget time range” option, and in the drop-down select “Custom range...”.

Would that be a viable solution?

markus.nebel@8com.de
Userlevel 4
Badge +8

Hello Mike Blomgren,

 

unfortunately this is not what I want.

The search timerange should be e.g. 7 days, while the timestamps I want to use in the variables should define a second timerange within the 7 days.

The idea is that there is a widget showing the results of the 7 days and the timestamps. Then I can copy & paste the timestamps I want to have a deeper look into the variable fields which are then used in a second widget.

A

Perhaps @Basudev Raut has some input on this?

Rupsan Shrestha
Rank
Userlevel 2
Badge +3

Hi Markus,

I tried to reproduce this problem and found some issues:

  1. In the snapshot you shared, the base-queries have the quotes (“), and so do the values. This when parsed into the search engine converts to something like this  
    log_ts >= ""2022/03/10 08:30:22"" log_ts <= ""2022/03/10 08:30:22""

    This is because the placeholder is replaced with exactly whats in the value field.

I would configure this as shown below if i were to fulfill this use case (notice the use of quotes in the value field and no quotes in the base-query);

 

  1. I see a difference in timestamp formats in different versions of Logpoint. Eg LP 7:

    This might not be the case for you depending on the version of Logpoint. But please make sure you are using the appropriate format for the timestamp depending on the version

(Note: The timestamp format you shared matches with version prior to LP 7.0)

Please let me know if this helps. 

Best Regards, Rupsan

Reply


Terms & ConditionsCookie settings