Another option just for you only. Just make your list under [general] in the user-prefs.conf $SPLUNK_HOME/etc/users/<YOURNAME>/user-prefs/local/user-prefs.conf [general] appOrder = search,lookup_editor ... View more

Try: s3_file_decoder = CloudTrail ... View more

_TCP_ROUTING in the default stanza should work, but it didn't work for me either. ... View more

One option is to click in the hour glass next to the down arrow. It will open the search on a new window and you can download it from there. ... View more

sean_auditum, I have had the same issue. I wanted to redirect WinEventLog:Setup and XmlWinEventLog:Security to a different index as the logs were/are coming in main index.  I have had a similar stanza as yours except I had  "REGEX = ." in transforms.conf  to send all logs to a different index.  However, WinEventLog:Setup working but XmlWinEventLog:Security is not.  Still investigating. I'll provide an update once I resolve this issue.   ... View more

rsimmons gave a good answer.  You can also change that by going to Settings --> Searches, reports and alerts choose the report and go to Advanced Edit display.visualizations.show and change the value to "0" ... View more