Hello everyone, I'm facing an issue using the Time Range Picker.
When I put "sourcetype=sudo" into the search bar and press Enter, while leaving the Time Range Picker at its default (past 24 hours), no data is returned.
However, it works if I issue this: sourcetype=sudo earliest=-24h
Is there anything I have overlooked?
I'm setting up a test environment with a trial version of Splunk 8.0, with 2 search heads, 2 peer nodes and 1 UF. One of the peer nodes performs the role of heavy forwarder.