Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
896 results
Sorted by:
02-06-2023
05:28 AM
...PLUNK_HOME$/etc/apps/<appname>/default/savedsearches.conf. - For version control / code management, I want to split this single savedsearches.conf into multiples savedsearches.conf files so that d...
Labels
- Labels:
-
other
07-30-2020
11:13 PM
...LI. If someone tampered with the savedsearches.conf file I'd like to audit those changes somewhere. Is there a straightforward way? I was thinking of file monitor of the file in Splunk and raise an a...
Labels
11-07-2022
03:03 AM
1 Karma
...(Linux, tgz-version) brings the "Invalid key in stanza" error in line 451 of `/opt/splunk/etc/apps/splunk_instrumentation/default/savedsearches.conf` - file. This wasn't the case in v.8.27.
It t...
- Tags:
- 8.2.9
Labels
- Labels:
-
upgrade
Show results in replies (7)
-
...fter making the change: e00229cf2b4fee8ecf2232d98358d1a32563bb7edf6a60ec2274e765fb51e22d savedsearches...
-
...pps/splunk_instrumentation/default/savedsearches.conf Invalid key in stanza [instrumentation.usage...
-
This is not fixed in the new version 9.0.3. Very sad...
-
The fix of this is scheduled in 9.0.4. Thanks for yor patience. 🙂
-
In 9.0.2, I changed /opt/splunk/etc/apps/splunk_instrumentation/default/savedsearches.conf line 4...
-
Yes, that's exactly the line for th 8.2.9 version although the sha256sum is different there.
-
Yeah it works! Not good that Splunk distributes bugged packages. Thank you @dfgrtKJH ! &...
10-03-2011
11:01 AM
Hi,
I've following entry in my savedsearches.conf:
[My_Summary_Query]
action.email.inline = 1
action.email.reportServerEnabled = 0
action.summary_index = 1
action.summary_index._name = `M...
- Tags:
- splunk
06-09-2021
07:34 AM
...ispatch.ttl" in the Spunk documentation for savedsearches.conf, where it states: dispatch.ttl = <integer>[p]
* Indicates the time to live (ttl), in seconds, for the artifacts of the
scheduled s...
- Tags:
- saved search
Labels
- Labels:
-
other
04-04-2012
01:32 PM
...o select in the last 4 hrs, 8 hrs etc.. The search is defined in savedsearches.conf. And I am looking for a way to pass in the selected time parameter to the saved search. Please
- Tags:
- savedsearches
10-09-2012
04:28 AM
5 Karma
...ince there are a lot of those, I prefer to do it in the shell:
cd etc/apps/webintelligence
egrep '^(cron.*|\[.*\])$' default/savedsearches.conf | \
egrep -B 1 'cron_schedule = 0(\ \*){4}' | \
p...
02-07-2020
08:04 AM
Just adding the below stanza wuld be sufficient to disable a saved search in default/savedsearches.conf
disabled = 1
How can I disable or enable a saved search in splunk from config side.
I...
Labels
- Labels:
-
saved search
03-03-2014
01:01 PM
Hi,
From the [post][1] , I learned that we can use following to refresh savedsearches.conf.
splunk _internal call /servicesNS/admin/search/admin/savedsearch/_reload -auth username
My d...
- Tags:
- refresh
- splunk-cli
