Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to change default from "All time" in Pivot time filter?

jwebster0000
Engager
‎07-22-2014 04:44 PM

Currently when building a pivot table the default time is set to "All Time".
Is it possible to set it to some other value? I've tried overriding it by
adding the following entries to $SPLUNK_HOME/etc/system/local/ui-prefs.conf,
but they have no effect. We're running Splunk 6.1.1.

[pivot]

dispatch.earliest_time = -7d

dispatch.latest_time = now

[search]

dispatch.earliest_time = -7d

dispatch.latest_time = now

[default]

dispatch.earliest_time = -7d

dispatch.latest_time = now

Tags (3)
Reply

strive
Influencer
‎03-09-2018 05:37 PM

Try this:

[general_default]
default_namespace = launcher
appOrder = search
default_earliest_time = -48h
default_latest_time = now
0 Karma
Reply

patng_nw
Communicator
‎07-31-2020 02:14 AM

Tried this on the search heads.  Restarted them but the default Time Picker in Pivot Edit is still "All Time".  We are also trying to promote the user of Data Models, but the default "All Time" is a real concern, as most biz users will use whatever default is there, and all these will put lots of strain on the servers.

0 Karma
Reply

w531t4
Path Finder
‎01-18-2017 07:32 AM

Bump -- Any updates on this? Certainly this would be a good thing to have.

0 Karma
Reply

tmeader
Contributor
‎05-28-2017 03:51 PM

Agreed. We'd like to open the pivot interface up to more people, but if we're going to allow them to experiment on their own with writing them, we cannot have the default set to All Time. Please allow a method to change this, or at least change the DEFAULT to something much more reasonable.

Reply

mholme59
Explorer
‎07-18-2017 07:40 AM

Bump, I am in the same boat as tmeader. We've moved a good deal of our data into models, and want to open up access to our less technical users via the pivot screen. However, I cannot have a flood of users searching huge data sets all time.

Reply

sowings
Splunk Employee
Splunk Employee
‎02-12-2015 04:15 PM

Not at present, but there is a feature request in place to address this. Look for the change in a future release.

Reply

pradeepkumarg
Influencer
‎02-12-2015 12:26 PM

Did you find a solution to this?

0 Karma
Reply

strive
Influencer
‎03-09-2018 05:37 PM

Try this

[general_default]
default_namespace = launcher
appOrder = search
default_earliest_time = -48h
default_latest_time = now
0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...