Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Drill-down Search Earliest Latest Offset

Splunk_Fabi
Observer
‎12-16-2024 06:11 AM

When I edit a correlation search, I want to configure the time of the drill-down search. 

If I put "1h" in the form "Earliest Offset", it inputs the unix time stamp in milliseconds. Splunk expects the unix time stamp in seconds. Is there a workaround for this issue?

Splunk_Fabi_1-1734358080924.png

-> 

Splunk_Fabi_2-1734358160494.png


Correct would be:

Splunk_Fabi_3-1734358215056.png

 

 

Labels (2)
0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎12-17-2024 07:46 PM

@Splunk_Fabi Hello, which version of ES are you using? I have seen a similar bug in 7.3.2 (a fix might be on the future roadmap). If you are on 7.3.2, please file a ticket with Splunk Support to expedite the issue.

 

 

 

If this Helps, Please Upvote.

 

 

If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...