O'Reilly logo

Splunk 7 Essentials - Third Edition by Betsy Page Sigman, Erickson Delgado, J-P Contreras

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Search within a limited time frame

By default, the Search & Reporting app's time range is set to Last 24 hours. Searches done using the All Time time frame will generally perform slower based on the volume and relative quantity of how much historical data is in the index. This problem grows when there are concurrent users doing the same thing. Although you can train your users to select a limited time range, not everybody will do this.

If you want to make the time range even shorter by default, you can simply change the default time range from the drop-down menu. We will do this by modifying the ui-prefs.conf file in an administrative Command Prompt.

Edit the following file:

SPLUNK_HOME/etc/system/local/ui-prefs.conf

Copy and paste the following ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required