Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I create a new column in time presets?

andrewtrobec
Motivator
‎01-13-2021 02:29 AM

Hello,

This is for Splunk Enterprise 7.2.6.

I am trying to separate the time presets so that they are divided into columns of my choice.  Here is what I want (on the left what I currently have, on the right what I would like to have):

Untitled.png

According to times.conf, I should be able to do this by assigning values to "order".  In this case I am assigning 100, 110, 120, and 130 to the first four, and 800, 810, 820, 830, and 840 to the remaining values.

I have noticed, though, that when I change the "latest_time" value for one of the values, then it gets moved to a new column.  In my case the "lastest_time" must always be set to "@d".

Have I misunderstood something?  Is there any way to get my desired result?

Thank you and best regards,

Andrew

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...