Re: How to filter time which starts from Jan 01-23...

Vish · ‎05-10-2023

I have added a Time filter for my charts in splunk but i want the default to be from 01-JAN-23, But the issue is when i use "since jan 2023" as default my values are not displayed can anyone help out how to add a time filter with default as "from 01-jan-23"

TrangCIC81 · ‎05-10-2023

Try the below. Let me know if it works.

In the search editor, add the following line at the top of your search:

earliest=-1y@d latest=now

This sets the default time range to be the last year, from today's date to one year ago.

Note: The @d specifies the start of the day. If you want to set the time to be at midnight, you can use @d or 00:00:00.

Replace the earliest value with the date you want to use as your default start date. For example, if you want to use 01-JAN-23 as your default start date, you can change the line to:

earliest=01-JAN-23 latest=now

enzomialich · ‎05-10-2023

Not sure what have you tried but I would add: earliest=-4mon@mon to your search.

enzomialich · ‎05-10-2023

@Vish
Actually, this only works during this month.

Try:
earliest=@y

this will snap time to the beginning of the year

richgalloway · ‎05-10-2023

How and where, exactly, are you specifying "since jan 2023"?

---
If this reply helps you, Karma would be appreciated.

How to filter time which starts from Jan 01-23?

chart

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?