Select time ranges to apply to your search
Use the time range picker to set time boundaries on your searches. You can restrict the search to Preset time ranges, custom Relative time ranges, and custom Real-time time ranges. You can also specify a Date Range, a Date & Time Range, and use
Define custom time ranges
If you want to specify a custom date range, select Custom time... from the dropdown menu.
Then, select "Date" in the pop-up window. You can enter the date range manually or use the calendar pop-up.
For example, if you were interested in only events that occurred during the second business quarter, April through June, you might select the date range:
The time range menu indicates the date range that you selected. Notice also that the timeline only shows the selected date range:
Note: If you are located in a different timezone from your server, time-based searches use the timestamp of the event from the server where it is indexed.
Define custom relative time ranges
1. From the time range picker, select Custom time...
2. Select Relative from the Range Type options.
3. Enter an Earliest time value.
Note: You can also use this window to see the Search language equivalent of your earliest time value and the Effective range that it translates to in Splunk.
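The Effective range shown in that window is the result of resolving the relative expression against the current time. The following is an added example, not Splunk's code: a Python resolver for a subset of the relative time syntax (an offset in s, m, h, d or w, with an optional @ snap), where the function names resolve and effective_range are hypothetical and naive datetimes stand in for the server clock.

```python
import re
from datetime import datetime, timedelta

# Subset handled here (assumption): units s, m, h, d, w; no months, quarters or years.
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days", "w": "weeks"}
_MODIFIER = re.compile(r"^(?:([+-])(\d+)([smhdw]))?(?:@([smhdw]))?$")


def _snap(ts, unit):
    """Round ts down to the start of the given unit."""
    if unit == "s":
        return ts.replace(microsecond=0)
    if unit == "m":
        return ts.replace(second=0, microsecond=0)
    if unit == "h":
        return ts.replace(minute=0, second=0, microsecond=0)
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "d":
        return midnight
    # "w": weeks snap back to Sunday; Python's weekday() has Monday == 0.
    return midnight - timedelta(days=(midnight.weekday() + 1) % 7)


def resolve(modifier, now):
    """Return the absolute time that a modifier such as '-7d@d' refers to."""
    if modifier == "now":
        return now
    m = _MODIFIER.match(modifier)
    if not modifier or not m:
        raise ValueError(f"unsupported time modifier: {modifier!r}")
    sign, amount, unit, snap_unit = m.groups()
    ts = now
    if unit:  # apply the offset first
        delta = timedelta(**{_UNITS[unit]: int(amount)})
        ts = ts + delta if sign == "+" else ts - delta
    if snap_unit:  # then snap down to the unit boundary
        ts = _snap(ts, snap_unit)
    return ts


def effective_range(earliest, latest, now):
    """Resolve both boundaries and reject an inverted window."""
    start, end = resolve(earliest, now), resolve(latest, now)
    if start > end:
        raise ValueError(f"earliest {start} is after latest {end}")
    return start, end
```

Resolving the boundaries before running a search shows exactly which window it covers, which matters when a snap (for example @d) moves the start earlier than the raw offset would.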
Customize the time ranges you can select
Splunk now ships with more built-in time ranges. Splunk administrators can also customize the set of time ranges that you view and select from the drop-down menu when you search. For more information about configuring these new time ranges, see the times.conf reference in the Admin Manual.
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18