Are time range pickers valid in reports? Also when...

dannyze · ‎10-15-2017

For clarification on second half of my question, I've had problems on running saved reports and having to adjust settings. Does this mean it does not run a fresh search?

niketn · ‎10-15-2017

@dannyze, time range picker are available in Reports, while saving a Splunk Search as a report you should be able to see the option to add Time Range Picker.

Ideally report should show updated information every time you run. However, that also depends on the time range you have picked for the search. For example if it was Yesterday (i.e. dispatch.earliest_time = -1d@D dispatch.latest_time = -0d@d), then results will not change until the day changes. If it is something like last 15 minutes (i.e. dispatch.earliest_time = -15m dispatch.latest_time = now), then it should update every time you run.

If you have scheduled the search then the result will not changes until the next iteration is run. For example following is a report cron schedule to run every 15 minutes : cron_schedule = */15 0 * * *.
Please let us know if it addresses the needs or not.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

dannyze · ‎10-17-2017

Yes, I wanted to confirm time range picker was a built in option thank you

niketn · ‎10-17-2017

@dannyze, I have converted to answer. Please accept to mark as answered.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Are time range pickers valid in reports? Also when running saved reports, do they run new updated data or run the same result as when saved?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes