Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I search with a self adjusting time?

fmerrow
New Member
‎04-28-2016 04:59 PM

So on the GUI I have been looking at the various time pickers . . . specifically "Date & Time" and "Advanced".

I see advanced in particular can do limited arithmetic (@d-1m), etc.

Basically, what I am hoping for, is for the user to cut a date/time out of a log, then come to say "Advanced" and do the following:

In Earliest have something prepopulated like lastest-2m and in Latest paste the copied value.

Now I realize the same could be accomplished with "Date&Time", except the date needs to be pasted twice and then earliest needs to be played with by hand.

I am hoping to get this down to a single paste and no hand editing . . . just paste and search.

Is that possible?

Frank

0 Karma
Reply

woodcock
Esteemed Legend
‎04-30-2016 07:39 PM

This can be done by creating your own form:

http://docs.splunk.com/Documentation/Splunk/6.4.0/Viz/FormEditor
http://docs.splunk.com/Documentation/Splunk/6.4.0/Viz/Buildandeditforms

0 Karma
Reply

fmerrow
New Member
‎05-02-2016 08:16 AM

Interesting . . . I'll check it out. Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...