In order to establish the default value for time range, the viewstates.conf file will need to be modified. The stanza that needs to either be modified or added is below: [dashboard:_current] TimeRangePicker_0_1_0.default = Last 4 hours In the example above, the default option is 4 hours. For last 60 minutes, you would change the "Last 4 hours" to "Last 60 minutes". Now, to make the actual modification, you'll need to do it in 2 separate locations - one for current users and another for new users. Current users: 1. Navigate to $SPLUNK_HOME/etc/users/ [your user] /search/local/viewstates.conf 2. Edit viewstates.conf 3. Modify the "TimeRangePicker_0_1_0.default" to your liking [dashboard:_current] TimeRangePicker_0_1_0.default = Last 4 hours Save NOTE: No need to restart Splunk for this change to take effect as it is parsed at login time. New users: 1. Navigate to $SPLUNK_HOME/etc/apps/search/local 2. If viewstates.conf does not exist, create a text file, rename to viewstates.conf and add the following lines: [dashboard:_current] TimeRangePicker_0_1_0.default = Last 4 hours Save file Restart Splunk -- IMPORTANT!!!! NOTE: If a user changes the search to "All Time", the default for that specific user will be changed from your default choice to "All Time". Again, replace "Last 4 hours" with the specific default time range you would like your NEW users to have. ... View more