Solved: Refine Search, Create Alert, Search Time Range Cha...

andrewkenth · ‎12-27-2013

In Splunk 6 I am noticing that I when I refine a search and set a time range to Yesterday then save said search as an alert it saves the time range as Last 1 Day (no snap to) until now, instead of Yesterday. Yesterday could be relative but that would be Last 1 day (Beginning of day) until Today (Beginning of today).

Is this user error? A bug?

Thanks for your feedback!

Andrew

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

View solution in original post

andrewkenth · ‎02-13-2014

I ended up not using the range picker (setting it to all time) and instead used the earliest= and latest= in my search query.

di2esysadmin · ‎02-13-2014

I'm have a similar issue. Have saved a search to be "today". When I go back and edit it, it's set to "last 1 hour". Thus it isn't firing as it should.

Running 6.0.1.

I thank you as well.

Karla

Refine Search, Create Alert, Search Time Range Changed!?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms