×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Collthulhu
Engager
Member since: ‎07-16-2025
Monday
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎07-16-2025
Topics I've Started
No posts to display.
View All

Re: Why drilldown using all-time in Enterprise Sec...

by in Deployment Architecture
‎07-22-2025 03:12 PM
1 Karma
‎07-22-2025 03:12 PM
1 Karma
I haven't found a fix, but this is how I've been working around it: In the detection search, make sure to call addinfo . Then, you can still use info_min/max_time to filter. You just have to do the filtering yourself. Examples: index=StuffYouWant starttimeu=$info_min_time$ endtimeu=$info_max_time$ | ...   | from datamodel:"Authentication"."Failed_Authentication" | search  _time>$info_min_time$ _time<$info_max_time$ ... ... View more
Contact Me
Online Status
Offline
Date Last Visited
Monday
Karma from
View All