In Splunk 6.6, why has the "Schedule Window" setti...

ryandg · ‎07-05-2017

After upgrading from 6.5 to 6.6, the "Schedule Window" parameter in Splunk Web was moved from being right below the cron schedule box to being hidden away under the settings --> alert and reporting --> edit --> advanced edit --> bottom of a long list of weird parameters.

This is entirely non-intuitive for our basic users, is there anyway to get it back to where it used to be?

reedmohn · ‎09-05-2017

Could this be a permissions / rights issue?

On 6.5 (not 6.6) I got feedback from users they can't see the Schedule Window setting under "Edit".
These users have a role with the edit_search_schedule_window capability.
However, clicking the report name from under "Settings->Searches, reports and alerts" will show the box in the right place.

I, with my Admin role, can see the Schedule Window under the cron schedule box in all places I expect to see it.

ngerosa · ‎07-05-2017

Hi ryandg,
From the docs:
"Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, just reinstall it."

In Splunk 6.6, why has the "Schedule Window" setting for alert become non-intuitive for users?

Index This | A sphere has three, a circle has two, and a point has zero. What is it?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)