Solved: Refine Search, Create Alert, Search Time Range Cha...

andrewkenth · ‎12-27-2013

In Splunk 6 I am noticing that I when I refine a search and set a time range to Yesterday then save said search as an alert it saves the time range as Last 1 Day (no snap to) until now, instead of Yesterday. Yesterday could be relative but that would be Last 1 day (Beginning of day) until Today (Beginning of today).

Is this user error? A bug?

Thanks for your feedback!

Andrew

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

View solution in original post

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

di2esysadmin · ‎02-13-2014

I'm have a similar issue. Have saved a search to be "today". When I go back and edit it, it's set to "last 1 hour". Thus it isn't firing as it should.

Running 6.0.1.

I thank you as well.

Karla

Refine Search, Create Alert, Search Time Range Changed!?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

Refine Search, Create Alert, Search Time Range Changed!?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine