How to alert a user when his maximum time window is exceeded

alfreddupont012
Engager

Hello,
I created a specific role for some users with a defined maximum time window. Hence, these users are not allowed to search for more than 7 days.
As specified in the docs,

srchTimeWin = <integer>
* Maximum time span, in seconds, of a search.
* This time window limit is applied backwards from the latest time
   specified in a search.

The problem is that when the time window specified in the search is greater than the maximum time window, there are no messages that can warn the user that his search time window has been reduced.

Is there a way to display an error or a message when this happens?

0 Karma

anmolpatel
Builder

This is what I would do as an alternative solution:

Method 1:
1) Go to localhost:8000/en-US/manager/launcher/data/ui/times
2) Define custom time ranges for the roles
3) Update the sharing permissions for other time ranges to exclude that role type

This will only display the time ranges that are available to the role.

Method 2 (greater flexibility):
On the default app for the user, write up instructions about the capabilities each role has.
You can display the capability information panel based on the role type by executing a REST search.

0 Karma

alfreddupont012
Engager

Hello,

Thanks for your help, but these solutions cannot be applied to my case...

About method 1, the users need to perform historical searches (between this date time and this one, not just the last 24 hours for example).
About method 2, I assume my users can easily forget what they read, and I don't want to be in the case where you ignore a message when you see it daily.

The best mitigation I found for now is a custom dashboard where the user inputs the start date, selects the search duration (1 hour, 24 hours, etc.), and then enters his query. The dashboard then specifies the earliest and latest tags based on the user input, and then feeds the user's query.
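
An added example, not part of the original thread and not Splunk code: a small Python model of the documented `srchTimeWin` rule (limit applied backwards from the latest time) and of the dashboard approach described in the last post. The function names, the duration labels, the date format and the use of UTC are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

SRCH_TIME_WIN = 7 * 24 * 3600  # role limit in seconds (7 days, as in the question)

# Duration choices a dashboard could offer (labels are assumptions).
DURATIONS = {"1 hour": 3600, "24 hours": 86400, "7 days": 7 * 86400}


def effective_window(earliest, latest, srch_time_win=SRCH_TIME_WIN):
    """Model the documented rule: the limit is applied backwards from `latest`.

    Returns (effective_earliest, latest, warning); warning is None when the
    requested span fits inside the role's window.
    """
    if latest < earliest:
        raise ValueError("latest must not be before earliest")
    if (latest - earliest).total_seconds() <= srch_time_win:
        return earliest, latest, None
    clamped = latest - timedelta(seconds=srch_time_win)
    warning = (
        f"Requested {earliest:%Y-%m-%d %H:%M} to {latest:%Y-%m-%d %H:%M}, "
        f"but this role is limited to {srch_time_win} s: "
        f"results start at {clamped:%Y-%m-%d %H:%M}."
    )
    return clamped, latest, warning


def dashboard_window(start, duration_label, srch_time_win=SRCH_TIME_WIN):
    """Dashboard approach: start date plus a fixed duration gives epoch bounds.

    Rejects a duration longer than the role limit instead of letting the
    search be shortened without notice.
    """
    seconds = DURATIONS[duration_label]
    if seconds > srch_time_win:
        raise ValueError(f"{duration_label} exceeds the role limit")
    begin = datetime.strptime(start, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
    end = begin + timedelta(seconds=seconds)
    return int(begin.timestamp()), int(end.timestamp())


if __name__ == "__main__":
    # Constructed sample: a 30-day historical search under a 7-day limit.
    jan1 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    jan31 = datetime(2024, 1, 31, tzinfo=timezone.utc)
    print(effective_window(jan1, jan31)[2])
    print(dashboard_window("2024-01-01 00:00", "24 hours"))
```

The first function shows why a historical search for a whole month returns only its last seven days under this role; the second produces the epoch values a dashboard would pass as the search's earliest and latest times.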
