...PLUNK_HOME$/etc/apps/<appname>/default/savedsearches.conf. - For version control / code management, I want to split this single savedsearches.conf into multiples savedsearches.conf files so that d...
...LI. If someone tampered with the savedsearches.conf file I'd like to audit those changes somewhere. Is there a straightforward way? I was thinking of file monitor of the file in Splunk and raise an a...
...(Linux, tgz-version) brings the "Invalid key in stanza" error in line 451 of `/opt/splunk/etc/apps/splunk_instrumentation/default/savedsearches.conf` - file. This wasn't the case in v.8.27.
It t...
We are adding comments to each search in our apps savedsearches.conf to keep our technical documentation for all saved searches as in-line as possible.
We are using Splunk native comment macro f...
...ispatch.ttl" in the Spunk documentation for savedsearches.conf, where it states: dispatch.ttl = <integer>[p]
* Indicates the time to live (ttl), in seconds, for the artifacts of the
scheduled s...
...o select in the last 4 hrs, 8 hrs etc.. The search is defined in savedsearches.conf. And I am looking for a way to pass in the selected time parameter to the saved search. Please
...ince there are a lot of those, I prefer to do it in the shell:
cd etc/apps/webintelligence
egrep '^(cron.*|\[.*\])$' default/savedsearches.conf | \
egrep -B 1 'cron_schedule = 0(\ \*){4}' | \
p...
Just adding the below stanza wuld be sufficient to disable a saved search in default/savedsearches.conf
disabled = 1
How can I disable or enable a saved search in splunk from config side.
I...
Hi,
From the [post][1] , I learned that we can use following to refresh savedsearches.conf.
splunk _internal call /servicesNS/admin/search/admin/savedsearch/_reload -auth username
My d...