Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Invalid Earliest_time in Splunk dashboard

shaileshv02
Explorer
‎08-04-2014 11:55 PM

I am trying to make a dashboard with a custom time by editing the XML and giving the time in tag. I have tried all possible time formats as given in the document but everytime i am getting an error "Invalid earliest_time".
I have given the sample of the xml below.





Search String
Dashboard Title
5/11/2013:20:00:00
12/11/2013:20:00:00


Any help is appreciated.

Thanks in Advance.

Reply

sklass
Path Finder
‎05-14-2015 12:48 PM

In poking through the returned data - when it did work it looks like the format should be.

YYYY-MM-DDTHH:MM:SS

Example: 2015-05-02T07:30:00

You can also append your timezone at the end as well. Really this is way harder than it should be.

0 Karma
Reply

strive
Influencer
‎08-05-2014 03:28 AM

In XML You can specify the time as relative time or absolute time. For absolute time it should be in epoch format.

Check this link. http://docs.splunk.com/Documentation/Splunk/6.1.2/Viz/PanelreferenceforSimplifiedXML#earliestTime

For relative time modifiers check section Specify relative time ranges in your search in http://docs.splunk.com/Documentation/Splunk/6.1.2/Search/Specifytimemodifiersinyoursearch

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...