Solved: Re: Refine Search, Create Alert, Search Time Range...

andrewkenth · ‎12-27-2013

In Splunk 6 I am noticing that I when I refine a search and set a time range to Yesterday then save said search as an alert it saves the time range as Last 1 Day (no snap to) until now, instead of Yesterday. Yesterday could be relative but that would be Last 1 day (Beginning of day) until Today (Beginning of today).

Is this user error? A bug?

Thanks for your feedback!

Andrew

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

View solution in original post

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

di2esysadmin · ‎02-13-2014

I'm have a similar issue. Have saved a search to be "today". When I go back and edit it, it's set to "last 1 hour". Thus it isn't firing as it should.

Running 6.0.1.

I thank you as well.

Karla

Refine Search, Create Alert, Search Time Range Changed!?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation