- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Help with with saving selected fields per user.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help with with saving selected fields per user.
I am looking for help with Splunk configurations that the documentation does not seem to provide and can not be found on Splunk Answers.
The problem is selected fields are not persisting between sessions/alerts.
I know this is possible since my old version of Splunk has this ability.
Ex.
1. User clicks on drilldown search for Notable Event. User marks Selected Fields to use.
2. User closes tab and reopens the same drilldown search for that Notable Event.
3. Selected Fields are gone and it is back to its default state.
How do I get selected fields to save per user?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @dood9999, Would you be able to elaborate the question in detail along with few screenshots?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will not be able to give screenshots but the issue was larger than just selected fields. It was no data was saving on a per user basis. This includes selected fields, search mode, and many other things.
I found in another thread that the newer versions of Splunk come with an "Optimizations" script that disables these by default and in the documentation it states to not disable this. However in the thread the Splunk guy said this optimization was meant for environments with over 1000 users. My environment has a handful of users so disabling has not caused any issues so far.
This has fixed my issues of saved data not persisting for each user. However, If it is possible I would like to keep the optimizations but then disable certain features that it is optimizing.
is that possible?
Example: Only optimizing search mode since verbose could theoretically take the most processing power.
I hope I have explained this enough.
Edit: Here is the thread I spoke about - https://community.splunk.com/t5/Dashboards-Visualizations/9-0-5-ui-prefs-conf-Why-my-default-search-...
Get the T-shirt to Prove You Survived Splunk University Bootcamp
Introducing the Splunk Community Dashboard Challenge!
Wondering How to Build Resiliency in the Cloud?
