Dashboards & Visualizations

How to change my earliest and latest time in the search string (not using timerange picker to change)

shariinPH
Contributor

Hello ! 🙂
I want to change my earliest and latest time in line with my search string. I dont have to use the time range picker because it has a separate date range.

index=rbi sourcetype=change earliest=-1month@month latest=@month|stats latest(cm_actualsched) as pmas

thanks for the help splunkers!

0 Karma
1 Solution

jeffland
Champion

I believe that when you set latest=now() and leave earliest blank, you get an all time search.

View solution in original post

twollenslegel_s
Splunk Employee
Splunk Employee

Per https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/SearchTimeModifiers earliest=1 should be used.

If you want to search events from the start of UNIX time, use earliest=1.

When earliest=1 and latest=now() are used, the search runs over all time.

0 Karma

jeffland
Champion

I believe that when you set latest=now() and leave earliest blank, you get an all time search.

shariinPH
Contributor

thanks @jeffland!

0 Karma

gyslainlatsa
Motivator

hi shariinPH,
try use this change -1month@month by -1mon@mon and @monthby @mon

 index=rbi sourcetype=change earliest=-1mon@mon  latest=@mon|stats latest(cm_actualsched) as pmas

Nb: I using the splunk 6.2.2
try and let me know.

0 Karma

gyslainlatsa
Motivator

put earliest=0 and latest=now()

please validate my answer

gyslainlatsa
Motivator

validate the answers for gyslainlatsa

0 Karma

gyslainlatsa
Motivator

please validate my answers and not your comments

0 Karma

shariinPH
Contributor

Hi gyslainlatsa, thanks for your answer 🙂 but i want to change that months into all time . so my earliest should be the first indexed data and my latest should be the latest indexed data .. do you know how to do it?

Cheers 🙂

0 Karma

shariinPH
Contributor

@gyslainlatsa

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...