Security business menu
Security business
HOME
To be elected
cause
Service
Handling Manufacturer
Examples/reports/
Blog/Glossary
Seminar/
video on demand
TOP
Products/Services
Specifications/Technical Information
solution
User stories
support
Seminar content
Evaluation machine application/FAQ
Document request
inquiry
Event/Seminar
video on demand

How to limit the searchable time range for each user

release date
2016-11-18
last updated
2023-09-29
version
Splunk Enterprise 9.0.3
Overview
How to limit the searchable time range for each user
Reference information
content

About the searchable time range of data

By default, users can search data for all hours that have been ingested into Splunk.

If you want to limit the time range of searchable data for each user, you can set it in the following way.

Searchable time range setting method

  • Go to SplunkWeb and select Settings > Access Control > Roles > New.
  • Enter the role name, and in "Restriction of search time range", enter the time range in seconds that you want to be searchable.
    *For example, enter 604800 if you want to be able to search data for the past 7 days.
  • Select the save button.
  • From Settings > Access Control > Users, select the users whose time range you want to search.
  • From "Assign to role", assign the created role and save.

that's all

to previous page