Maybe it’s not taking the settings due to app/config order precendece, run this to see you apps settings | rest splunk_server=local services/configs/conf-ui-prefs
| rename eai:appName AS app
| tabl...
See more...
Maybe it’s not taking the settings due to app/config order precendece, run this to see you apps settings | rest splunk_server=local services/configs/conf-ui-prefs
| rename eai:appName AS app
| table app, disabled, display.events.maxLines, eai:acl.owner, eai:acl.perms.read, eai:acl.perms.write, eai:acl.sharing As these settings is in the search app MaxLines_Values (YOUR_APP) (This file needs to be ui-prefs.conf needs to be in the default folder in your app MaxLines_Values, it will then auto place it into local in cloud, make sure you update the version number so Splunk takes the new version as you already have it in there. /default/ui-prefs.conf [search]
display.events.maxLines = 20 Your meta data needs permissions metatdata/default.meta []
access = read : [ * ], write : [ admin, sc_admin]
export = system I can’t test this as I don't have cloud, but worth a go, if that fails worth installing https://splunkbase.splunk.com/app/6368 As this can show app precedence order | btool ui-prefs list --local