I want to add a preset search time of 3 days. I know you can go to relative 3 days ago, but would be preferred to have it as a preset.
Yes, that's pretty simple if you're an admin on the search head. Check out this previous answer for how to do it: https://answers.splunk.com/answers/209020/is-it-possible-to-create-a-custom-preset-for-previ.html
View solution in original post
@jared_anderson, you can add Time Range in preset using Splunk UI Settings> User Interface > Time rages > Add New or directly through times.conf configuration file.
Settings> User Interface > Time rages > Add New
times.conf
Refer to documentation: http://docs.splunk.com/Documentation/Splunk/latest/Admin/timesconf
