Historical Aggregation time for source

This post is about building a Splunk query/dashboard for getting the historical aggregation time for a source.

Sharing the query first here, and then I will add a bit of explanation on top of it.

    spath operation
    | search operation=AGGREGATE
    | spath "attributes.sourceName"
    | search "attributes.sourceName"="$source_name$"
    | dedup attributes.aggregationId technicalName created
    | eval start = strptime(created, "%Y-%m-%dT%H:%M:%S.%3N%Z")
    | streamstats last(start) as prev_time current=f window=100 by attributes.aggregationId
    | eval diff = abs(prev_time - start) / 60
    | search diff > 0
    | sort start
    | rename diff as "Aggregation time(minutes)"
    | table created, "Aggregation time(minutes)"

Replace $source_name$ with the source name you have in your environment. This is the source name you see on the source screen. The query keeps only AGGREGATE events for that source, drops duplicate events (same aggregationId, technicalName and created timestamp), parses created into epoch seconds, and for each aggregationId takes the difference between an event and the previous event of the same aggregation, converted to minutes.
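To make the query's logic easy to check outside Splunk, here is an added example (not part of the original post and not from Splunk or the product that emits these events) that re-implements the same steps in plain Python over a few constructed JSON events. The field names (operation, technicalName, created, attributes.sourceName, attributes.aggregationId) follow the query; the event bodies are made up for illustration. One small difference from the SPL: events within an aggregationId are sorted by time before the difference is taken, so the result does not depend on the stream order Splunk happens to return, while the abs() keeps the sign irrelevant just as in the query.

```python
"""Plain-Python mirror of the Splunk 'aggregation time' query.

Added example, not code from the original post. Event contents are
constructed sample data; field names follow the SPL query above.
"""
import json
from datetime import datetime

# Constructed sample events (one per line, as Splunk would see raw JSON).
SAMPLE_EVENTS = [
    '{"operation":"AGGREGATE","technicalName":"AGGREGATION_STARTED","created":"2024-01-10T08:00:00.000Z",'
    '"attributes":{"sourceName":"Active Directory","aggregationId":"agg-1"}}',
    # exact duplicate of the line above; removed by the dedup step
    '{"operation":"AGGREGATE","technicalName":"AGGREGATION_STARTED","created":"2024-01-10T08:00:00.000Z",'
    '"attributes":{"sourceName":"Active Directory","aggregationId":"agg-1"}}',
    '{"operation":"AGGREGATE","technicalName":"AGGREGATION_FINISHED","created":"2024-01-10T08:12:30.000Z",'
    '"attributes":{"sourceName":"Active Directory","aggregationId":"agg-1"}}',
    '{"operation":"AGGREGATE","technicalName":"AGGREGATION_STARTED","created":"2024-01-10T09:00:00.000Z",'
    '"attributes":{"sourceName":"Active Directory","aggregationId":"agg-2"}}',
    '{"operation":"AGGREGATE","technicalName":"AGGREGATION_FINISHED","created":"2024-01-10T09:45:00.000Z",'
    '"attributes":{"sourceName":"Active Directory","aggregationId":"agg-2"}}',
    # a different source; filtered out when asking for "Active Directory"
    '{"operation":"AGGREGATE","technicalName":"AGGREGATION_STARTED","created":"2024-01-10T09:05:00.000Z",'
    '"attributes":{"sourceName":"Workday","aggregationId":"agg-3"}}',
    # not an AGGREGATE operation; filtered out by the first search
    '{"operation":"OTHER","technicalName":"X","created":"2024-01-10T09:06:00.000Z",'
    '"attributes":{"sourceName":"Active Directory","aggregationId":"agg-9"}}',
]


def parse_created(ts):
    """Equivalent of strptime(created, "%Y-%m-%dT%H:%M:%S.%3N%Z"); 'Z' parses as UTC."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def aggregation_times(raw_events, source_name):
    """Return [(created, minutes), ...] sorted by time, mirroring the SPL table output."""
    seen = set()
    per_aggregation = {}  # aggregationId -> [(start datetime, created string), ...]

    for line in raw_events:
        event = json.loads(line)
        if event.get("operation") != "AGGREGATE":          # search operation=AGGREGATE
            continue
        attrs = event.get("attributes", {})
        if attrs.get("sourceName") != source_name:          # search attributes.sourceName=...
            continue
        key = (attrs.get("aggregationId"), event.get("technicalName"), event.get("created"))
        if key in seen:                                     # dedup aggregationId technicalName created
            continue
        seen.add(key)
        per_aggregation.setdefault(key[0], []).append((parse_created(event["created"]), event["created"]))

    rows = []
    for points in per_aggregation.values():
        points.sort()                                       # chronological within one aggregation
        prev_time = None
        for start, created in points:
            if prev_time is not None:                       # streamstats last(start) as prev_time current=f
                diff = abs((prev_time - start).total_seconds()) / 60
                if diff > 0:                                # search diff > 0
                    rows.append((created, diff))
            prev_time = start

    rows.sort(key=lambda row: parse_created(row[0]))        # sort start
    return rows


if __name__ == "__main__":
    for created, minutes in aggregation_times(SAMPLE_EVENTS, "Active Directory"):
        print(f"{created}  Aggregation time(minutes)={minutes}")
```

Running it for "Active Directory" yields one row per completed aggregation (12.5 minutes for agg-1 and 45.0 for agg-2); "Workday" has a single event, so no difference can be formed and the result is empty, which is also why an aggregation that is still running produces no row in the Splunk table.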

I have built a Splunk dashboard using this query where I can get a list of sources in a dropdown in the dashboard control panel and the duration as an option. Screenshot below for reference.

You can use this document to build Splunk dashboards: Create dashboards and panels - Splunk Documentation
