Hello fellow splunkers,
I have a large dataset that I am searching through, and I want to create a historical timechart which goes back for several months. Because of the size of the dataset, h...
We got a working solution using savedsearches (summary indexer and alert sending email) that does something like this:
# Name: our_good_saved_search
# Schedule: runs every 30 minutes
# Type: S...
...un for every 24 hours. So I need to create a report for every day for the last 24 hours and need to create a report to collect every data into a summary index, so that if they search for last 60 days data s...
...heir timing is sporadic so I can't rely on a set time.
Once a new data feed arrives we run a search which joins data from other indexes and adds enrichment via lookups to create a transformed data set....
...have a few doubts and would greatly appreciate if someone can chime in 2 cents based on past experience:
1. I am planning to create 150 Scheduled Searches (none of them is duplicate) to run every 1...
...ookup and used the following query | rest splunk_server=local /servicesNS/-/{app_name}/saved/searches
| fields title search eai:acl:owner eai:acl:app alert_type u...
...o add a loading notification / alert to advise colleagues that Splunk is retrieving the information but may take some time? The delay unusually is only for their 1st search and thereafter the searches...
...hese are all Server 2019 machines.
I have verified inputs.conf is pointing event logs to index:wineventlog but that index locally has 0 results and about 112,000 results on the cloud server.
I'm s...