Siren Platform User Guide

Setting the time filter

The time filter restricts the search results to a specific time period. You can set a time filter if your index contains time-based events and a time field is configured for the selected index pattern.

Because of the variety of date formats in use, and the possibility that an index is fixed to use a specific format, Siren provides sample valid dates when editing filters.

By default, the time filter is set to the last 15 minutes. You can change it with the Time Picker, or by selecting a specific time interval or time range in the histogram at the top of the page.

To set a time filter with the Time Picker:

  1. Click the Time Picker (clock icon) in the Siren Investigate toolbar.
  2. To set a quick filter, click one of the shortcut links.

    Time filter shortcuts.
  3. Click Select All in the Apply to Dashboards section to apply the time filter to all dashboards. Alternatively, you can select individual dashboards. The time filter is applied to the current dashboard by default.
  4. To specify a time filter relative to the current time, click Relative and specify the start time as a number of seconds, minutes, hours, days, months or years. You can also specify the end time relative to the current time. Relative times can be in the past or the future.

    Relative time filter.
  5. To specify both the start and end times for the time filter, click Absolute and select a start and end date. You can adjust the time by editing the To and From fields.

    Absolute time filter.
  6. Click the caret in the bottom right corner to close the Time Picker.

To set a time filter from the histogram, do one of the following:

  • Click the bar that represents the time interval you want to zoom in on.
  • Click and drag to view a specific time span. You must start the selection with the cursor over the background of the chart. The cursor changes to a plus sign (+) when you move the mouse pointer over a valid start point.

To move forward or backward in time, click the arrows to the left or right of the Time Picker:

Move backwards in time.

You can use your browser's Back button to undo your changes.

The displayed time range and interval are shown on the histogram. By default, the interval is set automatically based on the time range. To use a different interval, click the link and select an interval.