I have such a ‘savedsearch’ and I would want to pass on 3 variables into the query when I select an option from the dropdown menu.
For Example –
When I Select
Option 1 – I should be able t...
from my saved search i'm trying to get the values of a field like below
<search>
<query>| savedsearch mysearch field3 = $value$ </query>
</search>
but its not w...
...rtifact_offset=0 savedsearch="named_search" ```current week``` | loadjob artifact_offset=1 savedsearch="named_search" ```previous iteration``` Once the table gets figured out, I'm not sure how I could e...
...ifference between the two now is defined in savedsearches.conf as: alert.track=1 means alert and alert.track=0 means report. That is it.
The main thing is I want to find out h...
Hi Splunk Experts, I've a scheduled savedSearch where it runs every 5 mins, with the Schedule window of 2 minutes. Instead of searching for last 5 mins, I want to achieve something like 00 to 05 m...
hi
I called a scheduled from my dashboard
| loadjob savedsearch="admin:XX:Hardware - Battery cycle pie"
| search Site=$tok_filtersite|s$
I have an issue with | search Site=$t...
Some KOs are not found on the GUI > Settings > Searches, Reports and alerts > "search" with its name.
The version we currently operate is 8.2.1 and SH Clustered. This happens quite f...
...he latest saved search to display in a dashboard? The user wants to know which day the job results are for.
FYI
if they did they could do something like
index=_audit savedsearch_name="M...