Hello all,
I'm trying to define splunk saved-search using the splunk CLI.
In order to enable scheduling of a saved search, I identified the option "enableSched" in the savedsearch.conf. I w...
I have recently created a field extraction on one search head that I have assigned all apps and users to read and write and was wondering how long it would take for a change done in one search head t...
when i type in the command line (cmd not powershell): splunk search "*" -maxout 0 | find /c /v "" I get the return of about 195k records. however when i filter by one of the sourcetype, from one o...
...<user_context>/<app_context>/saved/searches/<search>/disable -X POST I have a splunk alert Application Down Alert (Alert name has spaces in it) How do i disable this alert via c...
...re not reflected when I look at the web for purpose of checking. Does anyone know how to make changes to ES correlation rules (savedsearch.conf) in the CLI and update searches without rebooting Splunk?
...et the following error message after entering that command:
An error occurred:
Error while sending public key to search peer https://10.160.26.135:8089: Connect timed out.
I verified the f...
Hello, I try to export a large log with CLI search below. It works well with a smaller log return, but giving error on large logs, FATAL: The search job terminated unexpectedly. For in...
This cli search command works from a machine with a universal forwarder:
splunk search "index="foo" earliest=-7d | sort -SensorDateTime | stats first(SensorDateTime) by bar" -preview false -u...
I am using a locally installed Splunk instance to perform a remote search using the CLI.
splunk search "index=sandbox sourcetype=access http_status_code<400 earliest="10/01/2017:00:00:00" l...
I'm running into an issue with the syntax for a CLI search using erex.
The problem seems to be with the double quotes. I've tried single quoting the erex examples and counter examples, but none o...