Solved: Refine Search, Create Alert, Search Time Range Cha...

andrewkenth · ‎12-27-2013

In Splunk 6 I am noticing that I when I refine a search and set a time range to Yesterday then save said search as an alert it saves the time range as Last 1 Day (no snap to) until now, instead of Yesterday. Yesterday could be relative but that would be Last 1 day (Beginning of day) until Today (Beginning of today).

Is this user error? A bug?

Thanks for your feedback!

Andrew

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

View solution in original post

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

di2esysadmin · ‎02-13-2014

I'm have a similar issue. Have saved a search to be "today". When I go back and edit it, it's set to "last 1 hour". Thus it isn't firing as it should.

Running 6.0.1.

I thank you as well.

Karla

Refine Search, Create Alert, Search Time Range Changed!?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation