Solved: How do we change the default search period to one ...

danielbb · ‎10-18-2019

We would like to change the default search period to an hour. How can we do it in 7.3?

aaronbarry73 · ‎10-18-2019

Hi @danielbb, from the CLI, go to Settings > Server settings > General settings > Search preferences. There's a drop down there to change the default time range.

The documentation to do this via web, CLI or conf file is here:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Admin/Changedefaultvalues#Set_the_default_time_ra...

View solution in original post

aaronbarry73 · ‎10-18-2019

Hi @danielbb, from the CLI, go to Settings > Server settings > General settings > Search preferences. There's a drop down there to change the default time range.

The documentation to do this via web, CLI or conf file is here:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Admin/Changedefaultvalues#Set_the_default_time_ra...

danielbb · ‎10-23-2019

Server settings > Search preferences in 7.3

Is there a way for the users to set their own defaults?

How do we change the default search period to one hour?

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration