# continuous range, current [last_15_mins] label = Last 15 minutes header_label = in the last 15 minutes earliest_time = -15m latest_time = now order = 10 [last_60_mins] label = Last 60 minutes header_label = in the last 60 minutes earliest_time = -60m@m latest_time = now order = 20 [last_4_hours] label = Last 4 hours header_label = in the last 4 hours earliest_time = -4h@m latest_time = now order = 30 [last_24_hours] label = Last 24 hours header_label = in the last 24 hours earliest_time = -24h@h latest_time = now order = 40 [last_7_days] label = Last 7 days header_label = in the last 7 days earliest_time = -7d@h latest_time = now order = 50 [last_30_days] label = Last 30 days header_label = in the last 30 days earliest_time = -30d@d latest_time = now order = 60 [last_90_days] label = Last 90 days header_label = in the last 90 days earliest_time = -90d@d latest_time = now order = 70 [last_180_days] label = Last 180 days header_label = in the last 180 days earliest_time = -180d@d latest_time = now order = 80 [last_365_days] label = Last 365 days header_label = in the last 365 days earliest_time = -365d@d latest_time = now order = 90 [other] label = Other is_sub_menu = True order = 200 # # snapped range, current # [today] label = Today earliest_time = @d latest_time = now order = 100 sub_menu = Other [week_to_date] label = Week to date header_label = this week to date earliest_time = @w0 latest_time = now order = 110 sub_menu = Other # starts from the previous monday @ midnight to now [business_week_to_date] label = Business week to date header_label = this business week to date earliest_time = @w1 latest_time = now order = 120 sub_menu = Other [month_to_date] label = Month to date header_label = this month to date earliest_time = @mon latest_time = now order = 130 sub_menu = Other [year_to_date] label = Year to date header_label = this year to date earliest_time = @y latest_time = now order = 140 sub_menu = Other # # snapped range, previous # [yesterday] label = Yesterday earliest_time = -1d@d latest_time = @d order = 200 sub_menu = Other [previous_week] label = Previous week header_label = in the previous week earliest_time = -7d@w0 latest_time = @w0 order = 210 sub_menu = Other # If you run a search with this time range on a Sunday, the earliest time value # will be the most recent Monday. If you run this time range on a Saturday, # however, the earliest time will be two Mondays ago. [previous_business_week] label = Previous business week header_label = in the previous business week earliest_time = -6d@w1 latest_time = -1d@w6 order = 220 sub_menu = Other [previous_month] label = Previous month header_label = in the previous month earliest_time = -1mon@mon latest_time = @mon order = 230 sub_menu = Other [previous_year] label = Previous year header_label = in the previous year earliest_time = -1y@y latest_time = @y order = 240 sub_menu = Other # # Real time # [real_time_menu] label = Real-time is_sub_menu = True order = 100 [real_time_last30s] label = 30 second window header_label = in a 30 second window (real-time) earliest_time = rt-30s latest_time = rt order = 100 sub_menu = Real-time [real_time_last1m] label = 1 minute window header_label = in a 1 minute window (real-time) earliest_time = rt-1m latest_time = rt order = 110 sub_menu = Real-time [real_time_last5m] label = 5 minute window header_label = in a 5 minute window (real-time) earliest_time = rt-5m latest_time = rt order = 120 sub_menu = Real-time [real_time_last30m] label = 30 minute window header_label = in a 30 minute window (real-time) earliest_time = rt-30m latest_time = rt order = 130 sub_menu = Real-time [real_time_last1h] label = 1 hour window header_label = in a 1 hour window (real-time) earliest_time = rt-1h latest_time = rt order = 140 sub_menu = Real-time [real_time_all] label = All time (real-time) header_label = in total (real-time) earliest_time = rt latest_time = rt order = 200 sub_menu = Real-time # # All time # [all_time] label = All time header_label = over all time earliest_time = 0 order = 500