Is it possible to set a hardcoded value for the "Items per page" on the Searches, Reports, and Alerts page? Each time I open the console, it resets to "10" and I would like to keep it set to 100 for all users at all times.  ... View more

I have the following event from GCP pubsub: {     attributes: {    }    data: {       insertId: dbp95qcbup      logName: organizations/xxxxxxx/logs/cloudaudit.googleapis.com%2Fdata_access      protoPayload: { [+]      }      receiveTimestamp: 2021-08-02T05:52:58.861079027Z      resource: { [+]      }      severity: NOTICE      timestamp: 2021-08-02T04:01:48.076823Z    }    publish_time: 1627883579.307 }   Is there any way to use a forwarder to only send the contents of data{} to Splunk? I essentially want to strip off the outer parts of the JSON attributes{}, publishtime and have the event sent as the contents of the data{} field:" { "insertId": "dbp95qcbup", "logName": "organizations/xxxxxxx/logs/cloudaudit.googleapis.com%2Fdata_access", "protoPayload": {}, "receiveTimestamp": "2021-08-02T05:52:58.861079027Z", "resource": {}, "severity": "NOTICE", "timestamp": "2021-08-02T04:01:48.076823Z" } ... View more