In Splunk I have configured the searchbnf.conf to provide some helpful search hints inline while the person types SPL. It works pretty well, with each search option coming up in green as a suggestion. However, the suggestions always have an equal sign after the option is found. For instance, the custom search I created is runmycmd, and it has the option of trigger, then a host= parameter for the user to use in SPL. The right way to use it is like this: | runmycmd trigger host=mylinuxmachine
In my searchbnf.conf I am specifying that trigger is an option to the runmycmd command, but it always wants to put an equal sign. Is there a different option here that restricts the help to just a parameter name rather than a name=value pair?
syntax = runmycmd | |
shortdesc = Executes a request of your environment to bring data in. This command includes several operators.
description = Uses this method to retrieve data
usage = public
example1 = | runmycmd trigger host=mylinuxmachine
comment1 = In this example if you find a trigger that is on a host named mylinuxmachine
I have configured the Pi Hole TA, App and CIM, and when I open the dashboards they are empty with No Results Found.
I can run this search and it shows the count in the thousands:
| tstats local=f summariesonly=t allow_old_summaries=t count from datamodel=Network_Resolution.DNS
When I run sourcetype=pihole, events come back, but no fields are listed.
What did I do wrong?