Splunk dashboard

uagraw01 · ‎07-25-2020

How to hide this message in dashboard ?

richgalloway · ‎07-26-2020

IME, there is no way to suppress that message. Even using splunk_server=local does not help.

I've submitted a suggestion at https://ideas.splunk.com/ideas/EID-I-329 to hide such messages. Please consider up-voting it.

---
If this reply helps you, Karma would be appreciated.

uagraw01 · ‎07-26-2020

@richgalloway Correct, i checked with splunk_server=local, but is not working.

niketn · ‎07-26-2020

@uagraw01 the dispatch_rest_to_indexers is usually granted to folks with Admin roles. If it is not provisioned results are returned locally from SH. As far as you are getting the result back you would not need to grant the role access to the users whom you do not want to push REST request to Indexers.

Refer to documentation: https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

uagraw01 · ‎07-26-2020

@niketn Thanks for your suggestion

The_Simko · ‎07-25-2020

In your search, you could try to place splunk_server=local in the search.

Assuming you intend it to be ran only on the SH, then it's even better than masking the message.

uagraw01 · ‎07-26-2020

@The_Simko Yes i tried but it is not working

Splunk dashboard

simple XML

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!