Solved: Re: how to suppress "Your timerange was substitute...

taozi021 · ‎09-25-2010

if i use earliest or latest in saved search,and use it in view, the annoying message will appear! how i can suppress it or eliminate it?

William · ‎09-27-2010

One method is to modify the func "getHTMLTransform" in the "Message.js" to compare and filter your message exactly, for e.g.

getHTMLTransform: function(){
    var html = [];
    for(var i=0; i<this.messages.length; i++){
        var message = this.messages[i];
        if (message.content == "Your timerange was substituted based on your search string") {
            continue;
        };
        html.push('<li class="'+message.level+'">');
        html.push(this.getWikiTranform(message.content));
        html.push('</li>');
    }
    return html.join('');
}

View solution in original post

William · ‎09-27-2010

One method is to modify the func "getHTMLTransform" in the "Message.js" to compare and filter your message exactly, for e.g.

getHTMLTransform: function(){
    var html = [];
    for(var i=0; i<this.messages.length; i++){
        var message = this.messages[i];
        if (message.content == "Your timerange was substituted based on your search string") {
            continue;
        };
        html.push('<li class="'+message.level+'">');
        html.push(this.getWikiTranform(message.content));
        html.push('</li>');
    }
    return html.join('');
}

gkanapathy · ‎09-27-2010

This change will get overwritten every time you upgrade without any prompting. This includes installations of service releases.

gkanapathy · ‎09-25-2010

Well, the simplest way is to not put the time range in the search string, but to use the earliest and latest paramters instead. These are available in saved searches, and can be specified in views.

therealdpk · ‎10-21-2012

This error still appears even if you specify earliest and latest, at least in 4.3.2, FWIW.

taozi021 · ‎09-25-2010

i have defined time range as a macro which make saved search more fiexible. there are many savesearch used the macro.thanks gkanapathy!

southeringtonp · ‎09-25-2010

Variations of this question keep coming up. You can suppress it with the filter param of the Message module in advanced XML, but you'll filter out other messages as well.

Take a look at the following threads:

http://answers.splunk.com/questions/6372/your-timerange-was-substituted-based-on-your-search-string-...

http://answers.splunk.com/questions/6173/suppress-lookup-table-alert-in-message-module

http://answers.splunk.com/questions/3123/message-module-filter-values

While you're at it, you might also submit an enhancement request to Splunk and ask for more targeted filtering.

southeringtonp · ‎09-26-2010

Unless you can take it out of the search string altogether as gkanapathy suggests, I don't know of a cleaner solution. You could do something with CSS but that gets ugly fast. Remember though that converting to advanced XML might not be as bad as you think, since Splunk will do most of the work for you if you add ?showsource=1 to the URL of your existing view.

taozi021 · ‎09-25-2010

thanks a lot! while i have a large number of views(which not build in advanced way but in dashboard or form). i cannot transform all of them to advanced views, so there is other elegant solution? southeringtonp, thanks again!

how to suppress "Your timerange was substituted based on your search string" message?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life