Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Drill-down Search Earliest Latest Offset

Splunk_Fabi
Observer
‎12-16-2024 06:11 AM

When I edit a correlation search, I want to configure the time of the drill-down search. 

If I put "1h" in the form "Earliest Offset", it inputs the unix time stamp in milliseconds. Splunk expects the unix time stamp in seconds. Is there a workaround for this issue?

Splunk_Fabi_1-1734358080924.png

-> 

Splunk_Fabi_2-1734358160494.png


Correct would be:

Splunk_Fabi_3-1734358215056.png

 

 

Labels (2)
0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎12-17-2024 07:46 PM

@Splunk_Fabi Hello, which version of ES are you using? I have seen a similar bug in 7.3.2 (a fix might be on the future roadmap). If you are on 7.3.2, please file a ticket with Splunk Support to expedite the issue.

 

 

 

If this Helps, Please Upvote.

 

 

If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...