Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I create a new column in time presets?

andrewtrobec
Motivator
‎01-13-2021 02:29 AM

Hello,

This is for Splunk Enterprise 7.2.6.

I am trying to separate the time presets so that they are divided into columns of my choice.  Here is what I want (on the left what I currently have, on the right what I would like to have):

Untitled.png

According to times.conf, I should be able to do this by assigning values to "order".  In this case I am assigning 100, 110, 120, and 130 to the first four, and 800, 810, 820, 830, and 840 to the remaining values.

I have noticed, though, that when I change the "latest_time" value for one of the values, then it gets moved to a new column.  In my case the "lastest_time" must always be set to "@d".

Have I misunderstood something?  Is there any way to get my desired result?

Thank you and best regards,

Andrew

0 Karma
Reply
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...