|
We regularly need to search on the previous five days so I've added a definition to times.conf. The docs and examples show an 'order' key that lets you sort the custom time: http://docs.splunk.com/Documentation/Splunk/latest/admin/Timesconf When I tried it out, my time didn't sort where I expected. Checking the JSON from a search page, it looks like the standard times have order values based on their position in the dropdown * 10: 10 last 15 minutes 20 last 60 minutes 30 last 4 hours 40 last 24 hours 50 last 7 days 60 last 30 days I'm passing this along in case anyone else needs the information. P.S. If this sort of detail is in the docs somewhere, I'd be grateful for a pointer. I'm still trying to sort out where to find information without wasting peoples' time on SplunkBase. -- Thanks |
Refine your search:
- Apps & Questions
- Apps
- Questions
- Users
- Tags
Markdown Basics
- *italic* or _italic_
- **bold** or __bold__
- link:[text](http://url.com/ "Title")
- image?
- numbered list: 1. Foo 2. Bar
- to add a line break simply add two spaces to where you would like the new line to be.
- basic HTML tags are also supported
Tags:
Asked: 28 Dec '11, 17:37
Seen: 571 times
Last updated: 28 Dec '11, 17:37