Hello, I have a savedsearch that pushes data to summary index. The summary index has data for last 2 years and data volume is really huge. Suppose I want to add a new field to this data in s...
Hi Guys...
I have a scheduled search (Report) running a query with earliest=-2h@m latest=now. I have redirected the output to a Summary index. However, the output is The output is b...
If i have a saved report that is scheduled to run every 1 hour. I have used that savedsearch as a reference to a search query in a dashboard panel. My question is that whenever that d...
...efresh" feature enabled for the dashboard with 15 mints intervals. I used base search and the base search intern uses the | tstats. I am not familiar with savesearch or scheduled serch or l...
Hello Splunkers!!
I want a list of dashboards and those dashboards are using savedsearches & macros. How I can achieve those details by using rest command. So far I have tried the b...
Hello,
Currently, our client receives daily emails with the data from the CSV file embedded in the email. Is there a Splunk-only process for encrypting the email after embedding; or, encrypting the...
Is it possible to have action.summary_index._name have multiple values? Ie. can I have a savedsearch write to more than one summary index?
Ex. action.summary_index._name = my_alerts,general_summary
Issue: Phantom Add-on for Splunk – is not saving any changes done on Savedsearches and below error is observed in logs internally. Error observed in Internal logs : 2022-11-17 17:19:1...
I have Four Dashboards Level 1- Level 2- Level 3 - Level 4 Level 1 is a savedsearch and it has a field called months i want to drilldown using the month value to the next level 2 dashboard w...
...ull in Dashboard panel. Although the schedule reports works fine.
Any idea how long the savedsearches are accessible is there ant time frame like a week or some time is set, I am assuming if t...