Splunk Search

Why is the Search app time range picker defaulting to 2001, even if I specify another date and time?

jacobtom
Engager

Hi,

I used to set a specific date and time range while doing a search in Splunk; however, it started setting 2001 as the date by default as soon as I hit the search button, even if I provide another date & time.
Appreciate the fix. Thanks
Jacob

1 Solution

vhallan_splunk
Splunk Employee

Yes, this bug, SPL-90600, has now been fixed in our latest release:

http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/6.1.4#Highlighted_Issues

linu1988
Champion

Hello Guys,
This issue has been fixed now in the 6.1.4 release. I have tested it and it works perfectly on a Windows machine.

Thank you team Splunk 🙂

TobiasBoone
Communicator

Same issue; have enterprise support and plan on calling in.

0 Karma

hoopydave
Path Finder

This is happening as well on my instance of Splunk 6.1.3.
Any update on a fix?

0 Karma

joebaglio
New Member

Dear Splunk. Please fix this ASAP. I am still on eval and likely will not recommend licensing with this bug outstanding. It is inexcusable.

0 Karma

sowings
Splunk Employee

The way the OS handles integers is inexcusable on the part of Splunk?

0 Karma

neelamssantosh
Contributor

Have a look at your ui-pref.conf file.
dispatch.earliest_time =
dispatch.latest_time =
http://docs.splunk.com/Documentation/Splunk/6.1.3/Admin/Ui-prefsconf

0 Karma

bsolberg
Engager

UI-Pref.conf is not the issue as the problem isn't that the default selection is from 2001... but rather that when we select a date (even leaving it as a 2014 date that is shown by default) the search is actually run against another date. To be clear the date is not the same but with a different year. The actual search is against a different date & time in September. The LAST date I can search for and where the date and/or time range selector actually works is September 6th, 2014 21:50:07.999 PT (EPOCH: 1410065407 sec or 1410065407999 ms).

I have a feeling that maybe it is a digit concatenation or hitting the max length of their "_time" field but those are just guesses.

0 Karma

vhallan_splunk
Splunk Employee

This is related to http://answers.splunk.com/answers/154984/why-time-range-picker-on-default-splunk-6-1-x-ui-shows-earl...

The workaround is mentioned in the Splunk Answers post above:

Add the "earliest= and latest=" commands to the search query.

linu1988
Champion

I agree that is not at all a practical solution for the end users. It should be provided as an early patch 😞

0 Karma

las
Contributor

That is a workaround, yes - but it is not practical in our situation, where there are a lot of saved reports with a timepicker, or dashboards with a timepicker. I'm not saying it is not possible to use the workaround, but it's not usable.

0 Karma

ankeetashet
Engager

We are having the same issue too from the last few days. Any workaround for the same, please let us know.

0 Karma

las
Contributor

This looks like the same problem as this one

http://answers.splunk.com/answers/154984/why-time-range-picker-on-default-splunk-6-1-x-ui-shows-earl...

Hopefully this will get fixed soon.

0 Karma

lrudolph
Path Finder

Having the same problem running 6.1.3 on a Windows W2KR8 SP1-Cluster. Is there any workaround to get results from, let's say, the day before yesterday?

0 Karma

devicenul1
Path Finder

I encountered this Tuesday (9/9/2014) and ended up putting a ticket in ... the rep I called into said that this is a bug they are currently working on. I can tell you I am running 6.1.1, but from the short conversation I had with him it sounded like it was all current versions running on Windows machines. I just sent another message asking for an update, but I got the impression that this was a priority and they were going to issue a fix for it ASAP.

mikaelbje
Motivator

+1. I need this fixed

0 Karma

bsolberg
Engager

Same issue here and we are running 6.0.1 (search head) on a Windows 2008 R2 server. Searching from the LINUX indexers is not affected so it makes me wonder if this may have something to do with a Microsoft patch that was recently released.

0 Karma

lrudolph
Path Finder

I don't think this has something to do with a Microsoft patch on server side - we don't have automatic updates configured and ran into this problem anyway.

0 Karma

skinnear
New Member

Any update on this as we just noticed this bug this morning.

0 Karma

linu1988
Champion

Someone give a patch. It's kind of weird when it does round up to 2001. What is the config file in Splunk which is causing this? We are using Splunk x64 6.1.3; we have the issue.

0 Karma