I've tried a few methods shared here to adjust the start/end times of span. Mainly: 1 -    | eval _time=_time-3600 | bin _time span=4h | eval _time=_time+3600   2 -   | timechart span=4h aligntime=@h-120m   However after testing, neither of these is actually offsetting the span. It only changes the times shown in the resulting table. The values (in my case counts) in each box do not change, just the _time values. Am I doing something wrong? For example: _time A B C 1/28 00:00 2 1 2 1/28 04:00 4 2 4 1/28 08:00 6 3 6 1/28 12:00 8 4 8 1/28 16:00 10 5 10   _time A B C 1/27 22:00 2 1 2 1/28 02:00 4 2 4 1/28 06:00 6 3 6 1/28 10:00 8 4 8 1/28 14:00 10 5 10 ... View more

@LukeMurphey  I'm trying to run the File/Directory Information Input app (v1.4.5) on a universal forwarder. It's a windows server and I've installed the latest version of python 3 (and set the app to use 3). I keep getting the same 3 errors in splunkd (copied from another post as my system is isolated): "09-18-2019 10:47:10.099 +0200 ERROR ModularInputs - Introspecting scheme=file_meta_data: Unable to run "python "C:\Program Files\SplunkUniversalForwarder\etc\apps\file_meta_data\bin\file_meta_data.py" --scheme": child failed to start: The system cannot find the file specified. 09-18-2019 10:47:10.356 +0200 WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts 09-18-2019 10:47:10.356 +0200 ERROR ModularInputs - Unable to initialize modular input "file_meta_data" defined in the app "file_meta_data": Introspecting scheme=file_meta_data: Unable to run "python "C:\Program Files\SplunkUniversalForwarder\etc\apps\file_meta_data\bin\file_meta_data.py" --scheme": child failed to start: The system cannot find the file specified.." (Except it says Python3.exe instead of python). Other posts with these errors did not have python installed, or one said their path environment variable was incorrect but didn't elaborate. My path is set with the 2 default values from the installer if that matters. ... View more