Solved: How do I navigate forward in the timeline?

sspalding · ‎09-07-2010

For example, the timeline is showing 07:59:00 to 08:00:00 (I'm using "reverse").

When I "zoom out" it goes in the wrong direction, ie. 07:58:00 to 08:00:00

I want to move forward 1 minute (to 08:01:00) without having to type out the full date/time in the "custom time" dialog.

Is this possible?

PS. why doesn't "zoom out" keep the current period in the middle of the zoomed out section? wtf?

PPS. why doesn't the custom time dialog have the currently displayed time period already entered in it?

sideview · ‎09-16-2010

Yea, the custom time period should really have the absolute-time version of current timerange prepopulated. ie even if it's 'last 30 minutes' it would be nice if it prepopulated to the absolute values thereof.

As to why zoom out doesnt move the right side, we tried it both ways ages ago. This is mostly because it's far more common for people to zoom out on a relative time where the right side of the timeline is basically 'now' -- and in that case if we were to zoom out on the right side it would just bring in future time where there are no events. A few other considerations but that's the main one.

The only helpful thing i can give you is that if you're starting at 7:58 to 8:00, and you zoom out only once you will indeed get something like 7:54 to 8:00. But you can zoom out several times and you can do it in quick succession. In other words you dont have to wait at all in between clicks.

After some number of quick clicks (probably something like 7), the right side of the timeline actually will finally snap out to the right. In your example the right side will move at the point when the left side starts jumping in units of days. So when the left side snaps to the previous day's midnight, it will snap forward the end time from 8:00 to midnight of that day.

Then give it a couple seconds to render the flashtimeline, select the 8:00-9:00 bucket, or drag-select the two buckets from 7:00 to 9:00, and click zoom in.

It sounds kinda weird (because it is) but it does work and its quicker than typing in all the fields into the calendar.

View solution in original post

sideview · ‎09-16-2010

Yea, the custom time period should really have the absolute-time version of current timerange prepopulated. ie even if it's 'last 30 minutes' it would be nice if it prepopulated to the absolute values thereof.

As to why zoom out doesnt move the right side, we tried it both ways ages ago. This is mostly because it's far more common for people to zoom out on a relative time where the right side of the timeline is basically 'now' -- and in that case if we were to zoom out on the right side it would just bring in future time where there are no events. A few other considerations but that's the main one.

The only helpful thing i can give you is that if you're starting at 7:58 to 8:00, and you zoom out only once you will indeed get something like 7:54 to 8:00. But you can zoom out several times and you can do it in quick succession. In other words you dont have to wait at all in between clicks.

After some number of quick clicks (probably something like 7), the right side of the timeline actually will finally snap out to the right. In your example the right side will move at the point when the left side starts jumping in units of days. So when the left side snaps to the previous day's midnight, it will snap forward the end time from 8:00 to midnight of that day.

Then give it a couple seconds to render the flashtimeline, select the 8:00-9:00 bucket, or drag-select the two buckets from 7:00 to 9:00, and click zoom in.

It sounds kinda weird (because it is) but it does work and its quicker than typing in all the fields into the calendar.

sspalding · ‎10-05-2010

Thanks Nick. It's a bit tricky to pull off but it works.

How do I navigate forward in the timeline?

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk