I'm working on a really large search right now (on the order of 35 lines long). Is there a good way to insert a comment into a search query to remind a future search editor what is going on?
T...
I would like to add comments to my searches, saved searches, macros and just about anywhere that I write search syntax. I have searches that have dozens of lines and they still call macros to o...
Hello everybody, using Splunk 8.1.0 and related to https://docs.splunk.com/Documentation/Splunk/8.1.0/Search/Parsingsearches trying to add comments via ```my_comment``` to search r...
...he status column ( The comments are static either there is no action or I have to fix in next release or exception ) so only 3 Can I give that as a dropdown and then select that Vulnerability and a...
I am copying my dashboard to a new dashboard as I add functionality so I don't destroy the original dashboard. I have discovered that the comments (even though they are within the label as one of t...
I would like to know if it's possible to add a column to the end of my search results with an editable text box in it, so I can add comments to specific rows in my output before printing or e...
We have a number of correlation searches that trigger in Enterprise Security. From these events that trigger in IR, some events are true positive others are not. What I am trying to do is have my a...
...ant to move to a centralized server where we can see logs from all systems in one place. But we'd also like to keep the old functionality of limiting searches to only one system (eg "I want to focus o...
...OTE 2:
I do not have enough karma to attach files. If you need to see any of the conf files, please let me know, and I will post it in the comments.
@admin:
The ip addresses are representative a...