Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Limiting date/time selector to any range with maximum of x hours.

kennsche
New Member
‎07-22-2025 05:36 AM

Hello everyone, I am using Splunk Studio to create a dashboard with two tabs. Enterprise version 9.4.1.

Both tabs are visually identical but in tab 1, I am quering summarized indexes whereas for the second tab, I am running normal queries. 'Normal' queries in this tab can be very intensive if a long time range is selected, therefore, I am trying to limit the time selection to a maximum range of two hours. It could be in any day but the duration between start and end time should not exceed 2 hours. (Not latest 2hours)

I've tried editing XML by following some AI suggestions. Most suggestions relied on changing the query itself but this was breaking the query and returning no results in the end.

Wondering if someone has already any insights how to do this or could guide me in the right direction?

Visually it would look like this:
kennsche_0-1753187495735.png

Labels (1)
Labels
Tags (2)
0 Karma
Reply

kennsche
New Member
‎07-22-2025 06:26 AM

Hi @gcusello thanks for the suggestion!

Since I have two tabs, would the role approach be granular enough to limit the search to one tab within the same dashboard? The other tab should not be limited.

Regards
Kenny

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-22-2025 06:34 AM

Hi @kennsche ,

the role limitations are for all searches and dashboards.

So you could create a role with the time window limitation, assigning this role some of your users and enable to use the dashboard only that role.

Otherwise, the only solution is to create a list of possible time periods (e.g. 5m, 10m, 15m, 30m, 60m 90m, 120m) and display it in a dropdown list.

But this solution is applicable only to a dashboard, not to search.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-22-2025 05:50 AM

Hi @kennsche ,

in [Settings > User interface > Time ranges] you can define the time ranges that a role finds in the default choices, but you don't limit the possibility to have a larger time period.

So the most efficient way to really limit the time period in searches, is to create a role dedicated to your users and then add a limit in [Settings > Roles > Click on role > Resources > Role search time window limit].

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...