All Apps and Add-ons

Splunk for k8s - please review savedsearches.conf and add default time range constraints

guilmxm
SplunkTrust
SplunkTrust

Hello,

Reviewing the new Splunk for k8s addon, you could please review the savedsearches.conf and add a minimal default earliest and latest timerange to the searches ?

For example:

dispatch.earliest_time = -24h
dispatch.latest_time = now

Currently the searches will run over All time by default since only the search definition exist on a per stanza statement.
That is not good practices for customers.

Kind regards,

Guilhem

0 Karma
1 Solution

mattymo
Splunk Employee
Splunk Employee

Hey Guilmxm!

Thanks for pointing this out. I provided the same feedback and am working with the team to clean up :).

Will report back once it is done. Also feel free to provide any other feedback you might have!

Matt

- MattyMo

View solution in original post

0 Karma

mattymo
Splunk Employee
Splunk Employee

Hey Guilmxm!

Thanks for pointing this out. I provided the same feedback and am working with the team to clean up :).

Will report back once it is done. Also feel free to provide any other feedback you might have!

Matt

- MattyMo
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...