Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Re: Custom time range picker (first quater...)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
is possible first quater, second quater.. insert to into time range picker?
thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes - you can do it by editing the configuration file - times.conf. Or, you can go into Splunk Manager » User interface » Time ranges and create a new time range there. You should be careful and look at the documentation for times.conf.
Here is a link to Change the time range... in the Splunk User manual.
You could set something like this:
[ByQuarters]
label = By Quarters
order = 300
is_sub_menu = 1
[quarter_to_date]
label = Current quarter to date
header_label = from the first day of the quarter
earliest_time = @q
latest_time = now
order = 310
sub_menu = By Quarters
[LastQuarter]
label = Last Quarter
header_label = from beginning of previous quarter to the beginning of this quarter
earliest_time = -1q@q
latest_time = @q
order = 320
sub_menu = By Quarters
[q1]
label = First Quarter this Year
header_label = from January 1 through March 31
earliest_time = @y
latest_time = @y+1q
order = 330
sub_menu = By Quarters
[q2]
label = Second Quarter this Year
header_label = from April 1 through June 30
earliest_time = @y+1q
latest_time = @y+2q
order = 340
sub_menu = By Quarters
etc
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes - you can do it by editing the configuration file - times.conf. Or, you can go into Splunk Manager » User interface » Time ranges and create a new time range there. You should be careful and look at the documentation for times.conf.
Here is a link to Change the time range... in the Splunk User manual.
You could set something like this:
[ByQuarters]
label = By Quarters
order = 300
is_sub_menu = 1
[quarter_to_date]
label = Current quarter to date
header_label = from the first day of the quarter
earliest_time = @q
latest_time = now
order = 310
sub_menu = By Quarters
[LastQuarter]
label = Last Quarter
header_label = from beginning of previous quarter to the beginning of this quarter
earliest_time = -1q@q
latest_time = @q
order = 320
sub_menu = By Quarters
[q1]
label = First Quarter this Year
header_label = from January 1 through March 31
earliest_time = @y
latest_time = @y+1q
order = 330
sub_menu = By Quarters
[q2]
label = Second Quarter this Year
header_label = from April 1 through June 30
earliest_time = @y+1q
latest_time = @y+2q
order = 340
sub_menu = By Quarters
etc
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello lguinn
Thanks for the quick response.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can set custom configurations in times.conf, place a times.conf in $SPLUNK_HOME/etc/system/local/ or in $SPLUNK_HOME/etc/apps/<your_app>/local/
Fun with Regular Expression - multiples of nine
[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...
What’s New & Next in Splunk SOAR
