Is there a way to manipulate time range picker usi...

wagnerbianchi · ‎11-20-2012

Since some days ago I was thinking a way to manipulate the "time range picker" or even the period to retrieve data from Splunk just using a query on Search App. Is it possible?

I will appreciate any hints on that, thank you.

bwooden · ‎11-20-2012

Yes, you may override the time range picker value in the search syntax itself. For example, to search for the last 5 minutes, regardless of time range picker value:

sourcetype=foo index=bar host=baz earliest=-5m

There is a list of relative time modifiers that details all the options.

Note: This technique will create a notification to the user that the time range pickers was overridden.

alacercogitatus · ‎11-20-2012

You can use inline time modifiers. For example: to search 2 days ago until 1 day ago, you can use this inline with your other searchterms:

sourcetype=foo earliest=-2d@d latest=-1d@d|other_commands

You can read more on Time Modifiers here: http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/SearchTimeModifiers

sowings · ‎11-20-2012

You can use the earliest and latest keywords in your search (they have to be before the first pipe | character) to change the time range. This doesn't update the shown label of the time range picker, though.

See here for more information.

sowings · ‎11-20-2012

Heh, this one was a foot race!

alacercogitatus · ‎11-20-2012

darn you! 😄

Is there a way to manipulate time range picker using just a seach query?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!