I dont think you can import a google spreadsheet in a team drive, but you can import the google spreadsheet in "My Drive" in Splunk. Hope it helps.
... View more
check Palo Alto TA (props.conf) for detailed description on how to solve your problem. so your example would look something like this below.
[my:application]
# all common extractions here
TRANSFORMS-sourcetype =my:application:audit,my:application:transaction
[my:application:audit]
# some very specific extractions for audit only
[my:application:transaction]
# some very specific extractions for txns
... View more
A sample of the inputs.conf in a windows environment is below.
[monitor://C:\Program Files (x86)\Symantec\Symantec\data\dump\scm_admin.tmp]
sourcetype = symantec:ep:admin:file
index = symantec
disabled = false
make sure you are using the slashes correctly.
... View more
A sample of the inputs.conf in a windows environment is below.
[monitor://C:\Program Files (x86)\Symantec\Symantec\data\dump\scm_admin.tmp]
sourcetype = symantec:ep:admin:file
index = symantec
disabled = false
make sure you are using the slashes correctly.
... View more
i fixed it by changing the max_content_length in server.conf.
As stated, the file exceeds max_content_length in server.conf of 800 MB. This can be increased by adding the following to $SPLUNK_HOME/etc/system/local/server.conf.
[httpServer]
max_content_length = 1600000000
my bundle had a huge lookups and that was causing this error.
... View more
this works in 6.4.4.
| rest splunk_server=local /servicesNS/-/-/saved/searches add_orphan_field=yes count=0
| search orphan=1 disabled=0 is_scheduled=1
| eval status = if(disabled = 0, "enabled", "disabled")
| fields title eai:acl.owner eai:acl.app eai:acl.sharing orphan status is_scheduled cron_schedule next_scheduled_time next_scheduled_time actions
| rename title AS "search name" eai:acl.owner AS owner eai:acl.app AS app eai:acl.sharing AS sharing
... View more
the link that Drainy mentioned doesnt work. This is the correct link. https://answers.splunk.com/answers/11152/drilldown-link-in-dashboard.html
... View more
I had the same issue, and my custom apps directory didnt have the metadata folder, that is why my custom props.conf wasn't working.
The metadata folder should have one file called local.meta and the contents of the file are
[]
access = read : [ * ], write : [ admin ]
export = system
Hope it helps!
Happy Splunking!
... View more