Consider these three searches that end with timechart. The second one skews time range all the way to year 2038! How do I fix that?
1. Index search
2. Change to equivalent tstats
| tstats count where index=_internal earliest=-7d by _time span=1d
| timechart span=1d sum(count)
Note how timespan magically changes all the way to 2038?
3. Do not use earliest with tstats; use time selector in search screen.
| tstats count where index=_internal ```earliest=-7d``` by _time span=1d
| timechart span=1d sum(count)
I have specific reasons to set earliest with specific token in dashboard. So, search time selector is not an option.
Agreed that it is unusual.
I have had similar behaviour in some of my timecharts when I specify my time. I haven't looked into it enough to figure it out.
Where future isn't specified, I can at least see it (reluctantly, but with previous data (with start time and end times specified in the time selector), I can't explain it. Example below:
As you can see, I have specified an hour 1 week ago, but for some reason, the timechart insists that latest=now... it's a bug, I'm pretty sure.
