|
How can I change the default search period for an app so that my users search the last 15 minutes by default instead of all time? |
|
In order to establish the default value for time range, the viewstates.conf file will need to be modified. The stanza that needs to either be modified or added is below: [dashboard:_current] TimeRangePicker_0_1_0.default = Last 4 hours In the example above, the default option is 4 hours. For last 60 minutes, you would change the "Last 4 hours" to "Last 60 minutes". Now, to make the actual modification, you'll need to do it in 2 separate locations - one for current users and another for new users. Current users: 1. Navigate to $SPLUNK_HOME/etc/users/ [your user] /search/local/viewstates.conf 2. Edit viewstates.conf 3. Modify the "TimeRangePicker_0_1_0.default" to your liking [dashboard:_current] TimeRangePicker_0_1_0.default = Last 4 hours
New users: 1. Navigate to $SPLUNK_HOME/etc/apps/search/local 2. If viewstates.conf does not exist, create a text file, rename to viewstates.conf and add the following lines: [dashboard:_current] TimeRangePicker_0_1_0.default = Last 4 hours
NOTE: If a user changes the search to "All Time", the default for that specific user will be changed from your default choice to "All Time". Again, replace "Last 4 hours" with the specific default time range you would like your NEW users to have. |
|
you can specify a custom default search period in a copy of times.conf for your app. if you're using saved searches for your app, you could also specify the time range in the search, as described here: http://www.splunk.com/base/Documentation/latest/User/ChangeTheTimeRangeOfYourSearch 1
sure but how do ensure that is the selection that they will always start with?
(28 Jan '10, 01:18)
matt ♦♦
1
This would be useful, my users often set it to all time, which then stays as the default until they change it. Then their searches take ages and slow down the whole system. I know I could customise their timerangepicker but resetting their default selection would be useful also.
(25 Mar '10, 09:36)
Glenn
|
|
The instructions in rithy's answer above did not quite work for me on a 4.2.2 system. I got it to work with these stanzas: in the viewstates.conf files previously mentioned:
or
The minor difference being dashboard becomes dashboard_live and the additional flashtimeline entry. |
I used to see, some user won't bother what is period selected in search. So, I am looking, it should not change default search period for an app?
In the above solution, it seems, once user change the default period, it will change. Please advise if any one has solution.