...LI. If someone tampered with the savedsearches.conf file I'd like to audit those changes somewhere. Is there a straightforward way? I was thinking of file monitor of the file in Splunk and raise an a...
...ispatch.ttl" in the Splunk documentation for savedsearches.conf, where it states: dispatch.ttl = <integer>[p]
* Indicates the time to live (ttl), in seconds, for the artifacts of the
s...
We are adding comments to each search in our apps savedsearches.conf to keep our technical documentation for all saved searches as in-line as possible.
We are using Splunk native comment macro f...
...ince there are a lot of those, I prefer to do it in the shell:
cd etc/apps/webintelligence
egrep '^(cron.*|\[.*\])$' default/savedsearches.conf | \
egrep -B 1 'cron_schedule = 0(\ \*){4}' | \
p...
Just adding the below stanza would be sufficient to disable a saved search in default/savedsearches.conf
disabled = 1
How can I disable or enable a saved search in Splunk from config side?
I...
...o select in the last 4 hrs, 8 hrs etc.. The search is defined in savedsearches.conf. And I am looking for a way to pass in the selected time parameter to the saved search. Please
...avedsearch': Data could not be written: /nobody/SplunkEnterpriseSecuritySuite/savedsearches/Threat Also, the existing searches are not running nor showing up in ES.
Hi,
From the [post][1], I learned that we can use the following to refresh savedsearches.conf.
splunk _internal call /servicesNS/admin/search/admin/savedsearch/_reload -auth username
My d...
I think savedsearches.conf contains information about alerts and reports. If you execute the following btool command and check the result, which is the report or the alert? I can't tell.
If I u...