I am trying to change the time range in the search bar but I am not able to get the time I want...
Here is a screenshot of what I get:
Do you have any idea of why I get these results?
In my query I do:
eval _time=my_unix_time_column | eval nowstring=strftime(now(), "%Y-%m-%d")
My highest value: 1558539900 and my lowest one: 1545145873
Thank you very much!
Fix your props.conf to set _time to the correct value. In the meantime, set your Time picker to something appropriately large and then do your search and tack on this:
... | where YourOtherTimeField >= relative_time(now(), "-90d")
@gaspnico57 please add more details to your question. What is it that you are trying to do and what is not working as expected?
Based on the query snippet, you are overriding my_unix_time_column and showing current day as string time with YYYY-mm-dd format. It does not say what is the issue you are facing.
The time range picker value applies to Event Timestamp field which is _time. If you want to apply Time Range Filter to my_unix_time_column you should enable the same through props.conf while indexing the data by picking up the correct timestamp for the event.
As a workaround (non-efficient) you would need to get the epoch time from Time range picker and apply the same to my_unix_time_column field in your data. However, the search query would need to run for all time or with buffer time to ensure that all events with my_unix_time_column in the range of Time Picker earliest and latest epoch are pulled from index.
Refer to one of my older answers to set earliest and latest epoch time from Time Range filter. https://answers.splunk.com/answers/578984/running-one-of-two-searches-based-on-time-picker-s.html
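Both answers point to props.conf as the real fix. The stanzas below are an added example, not configuration posted by anyone in this thread. The sourcetype names and the event layouts are assumptions, because the thread does not show the raw data; only the field name my_unix_time_column comes from the question.

```ini
# props.conf (added example; sourcetype names are hypothetical)

# Case 1: assumed CSV input with a header row that contains
# my_unix_time_column. The timestamp is read from that column.
[my_csv_sourcetype]
INDEXED_EXTRACTIONS = csv
TIMESTAMP_FIELDS = my_unix_time_column
# %s = epoch seconds, which matches values like 1558539900
TIME_FORMAT = %s

# Case 2: assumed raw text events that contain
# "my_unix_time_column=1558539900" somewhere in the line.
[my_raw_sourcetype]
# Regex that ends immediately before the timestamp
TIME_PREFIX = my_unix_time_column=
TIME_FORMAT = %s
# Only read the 10 epoch digits that follow the prefix
MAX_TIMESTAMP_LOOKAHEAD = 10
```

Timestamp extraction happens at index time, so this only affects events indexed after the change; data already indexed keeps its old _time and still needs the search-time workaround described above.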