@phanTom In a large organization as you may know, the focus and expectations of users can be vary widely. It sounds like your energy may be low for a feature request to allow customization of the Phantom dashboard time filters. With one of my many roles being a Phantom admin, I do not desire to understand and maintain an additional setting that someone suggests is value added to Phantom unless several folks agree with it. What are your thoughts on a feature request for text next to the time filter dropdown that communicates the create time of the oldest container record or something similar to give the user more info about the data in the Phantom dashboard (see1st screenshot below)? Do you think that the Phantom community would be more supportive of it? As a comparison, the Splunk Enterprise search dashboard has a graph to indicate that amount of data available (see second screenshot below). Custom Splunk Enterprise dashboards much more capabilities to fulfill user requests like this one than the Phantom product. For a more direct comparison, a Splunk Enterprise user can select their own home dashboard (custom or not) in the Search app (see third screenshot below).

@jeffrey_berry I understand the ask but Splunk doesn't do this so not sure the benefit. Surely if you put 1y and only have 9months of data it will only show 9months and I wouldn't call that misleading as such?

However if you feel it worthy please add an idea to https://ideas.splunk.com/ and get people to up-vote it. This has been very successful in getting some great features into the platform! E.G. I asked for the scope toggle on action blocks and it only took a few months to make it to the platform!