Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Limiting date/time selector to any range with maximum of x hours.

kennsche
New Member
‎07-22-2025 05:36 AM

Hello everyone, I am using Splunk Studio to create a dashboard with two tabs. Enterprise version 9.4.1.

Both tabs are visually identical but in tab 1, I am quering summarized indexes whereas for the second tab, I am running normal queries. 'Normal' queries in this tab can be very intensive if a long time range is selected, therefore, I am trying to limit the time selection to a maximum range of two hours. It could be in any day but the duration between start and end time should not exceed 2 hours. (Not latest 2hours)

I've tried editing XML by following some AI suggestions. Most suggestions relied on changing the query itself but this was breaking the query and returning no results in the end.

Wondering if someone has already any insights how to do this or could guide me in the right direction?

Visually it would look like this:
kennsche_0-1753187495735.png

Labels (1)
Labels
Tags (2)
0 Karma
Reply

kennsche
New Member
‎07-22-2025 06:26 AM

Hi @gcusello thanks for the suggestion!

Since I have two tabs, would the role approach be granular enough to limit the search to one tab within the same dashboard? The other tab should not be limited.

Regards
Kenny

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-22-2025 06:34 AM

Hi @kennsche ,

the role limitations are for all searches and dashboards.

So you could create a role with the time window limitation, assigning this role some of your users and enable to use the dashboard only that role.

Otherwise, the only solution is to create a list of possible time periods (e.g. 5m, 10m, 15m, 30m, 60m 90m, 120m) and display it in a dropdown list.

But this solution is applicable only to a dashboard, not to search.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-22-2025 05:50 AM

Hi @kennsche ,

in [Settings > User interface > Time ranges] you can define the time ranges that a role finds in the default choices, but you don't limit the possibility to have a larger time period.

So the most efficient way to really limit the time period in searches, is to create a role dedicated to your users and then add a limit in [Settings > Roles > Click on role > Resources > Role search time window limit].

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...