Solved: Refine Search, Create Alert, Search Time Range Cha...

andrewkenth · ‎12-27-2013

In Splunk 6 I am noticing that I when I refine a search and set a time range to Yesterday then save said search as an alert it saves the time range as Last 1 Day (no snap to) until now, instead of Yesterday. Yesterday could be relative but that would be Last 1 day (Beginning of day) until Today (Beginning of today).

Is this user error? A bug?

Thanks for your feedback!

Andrew

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

View solution in original post

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

di2esysadmin · ‎02-13-2014

I'm have a similar issue. Have saved a search to be "today". When I go back and edit it, it's set to "last 1 hour". Thus it isn't firing as it should.

Running 6.0.1.

I thank you as well.

Karla

Refine Search, Create Alert, Search Time Range Changed!?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation