Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
943 results
Sorted by:
07-30-2020
11:13 PM
...LI. If someone tampered with the savedsearches.conf file I'd like to audit those changes somewhere. Is there a straightforward way? I was thinking of file monitor of the file in Splunk and raise an a...
Labels
06-09-2021
07:34 AM
...ispatch.ttl" in the Spunk documentation for savedsearches.conf, where it states: dispatch.ttl = <integer>[p]
* Indicates the time to live (ttl), in seconds, for the artifacts of the
s...
- Tags:
- saved search
Labels
- Labels:
-
Other
10-09-2012
04:28 AM
5 Karma
...ince there are a lot of those, I prefer to do it in the shell:
cd etc/apps/webintelligence
egrep '^(cron.*|\[.*\])$' default/savedsearches.conf | \
egrep -B 1 'cron_schedule = 0(\ \*){4}' | \
p...
02-07-2020
08:04 AM
Just adding the below stanza wuld be sufficient to disable a saved search in default/savedsearches.conf
disabled = 1
How can I disable or enable a saved search in splunk from config side.
I...
Labels
- Labels:
-
saved search
04-04-2012
01:32 PM
...o select in the last 4 hrs, 8 hrs etc.. The search is defined in savedsearches.conf. And I am looking for a way to pass in the selected time parameter to the saved search. Please
- Tags:
- savedsearches
10-03-2011
11:01 AM
Hi,
I've following entry in my savedsearches.conf:
[My_Summary_Query]
action.email.inline = 1
action.email.reportServerEnabled = 0
action.summary_index = 1
action.summary_index._name = `M...
- Tags:
- splunk
12-31-2020
02:04 PM
...avedsearch': Data could not be written: /nobody/SplunkEnterpriseSecuritySuite/savedsearches/Threat Also, the existing searches are not running nor showing up in ES.
Labels
- Labels:
-
configuration
-
troubleshooting
03-03-2014
01:01 PM
Hi,
From the [post][1] , I learned that we can use following to refresh savedsearches.conf.
splunk _internal call /servicesNS/admin/search/admin/savedsearch/_reload -auth username
My d...
- Tags:
- refresh
- splunk-cli
02-14-2022
02:17 AM
I think savedsearches.conf contains information about alerts and reports. If you execute the following btool command and check the result, which is the report or the alert? I can't tell.
if i u...
Labels
- Labels:
-
alert action
