...ave tried with make all the dashboard run a base searchand then post process the results on each panel, this did'nt reduce the duration.
So, what you recommend, use a savedsearch, a summary index o...
Hello,
On a search head cluster of 3 members with Splunk Enterprise Security, search results match exactly with all Search Heads.
But results based on DataModel are different across all Search...
Apologies if I've missed something obvious,
assuming I don't use parameterized savedsearches, what benefits are there using savedsearches over datamodels? i.e. in what circumstances would I u...
We installed splunk_app_aws with default setting. The next day ALL the savedsearches were on the Skipped Search report because they were running as "nobody" and needed updated search quotas.
We c...
Is there a way to call 2 different datamodels in SPL to join them with stats? I have tried multisearch, but didn't work. like this :
| multisearch [ | pivot. DM_1.... ] [ | pivot ..DM_2.......
...he feeds (index, sourcet... - Splunk Community.
I just want to nail down a method for ensuring that the datamodels configured within correlation searches are configured - AND are operating as i...
Is there any way in splunk to pull all the list of dashboards, macros, savedsearches, anddatamodels that uses the splunk internal indexes (_*)?
Any suggestions or ideas would be great.
...ackfill the datamodels without having to do a full rebuild? I found python fill_summary_index.py in docs, but it is not clear if this works on datamodels. Docs on specifies savedsearches
...nstall to the What Happens Next page, and be pretty overwhelmed with what to do next: Learn SPL andsearch? What should they search? How should they start getting their data in? W...