Activity Feed
- Posted Re: Re-arranging Apps menu in Splunk 9.2.x on Knowledge Management. 05-01-2024 03:48 PM
- Got Karma for Re: How do I remove the chart on the top of the PDF?. 02-20-2024 07:34 AM
- Posted Re: SQS Based Input from S3: Assign different sourcetype based on filename on Getting Data In. 12-16-2021 01:07 PM
- Posted Re: Can I set _TCP_ROUTING in the default stanza for inputs.conf? on Getting Data In. 04-19-2021 03:35 PM
- Posted Re: Why export button is grayed out in some of my panels? on Other Usage. 03-25-2021 11:59 AM
- Got Karma for Re: Windows Event Index redirects. 10-30-2020 12:06 PM
- Posted Re: Windows Event Index redirects on Splunk Enterprise. 10-22-2020 01:58 PM
- Posted Re: How do I remove the chart on the top of the PDF? on Splunk Search. 08-31-2020 01:15 PM
Topics I've Started
No posts to display.
05-01-2024
03:48 PM
Another option just for you only. Just make your list under [general] in the user-prefs.conf $SPLUNK_HOME/etc/users/<YOURNAME>/user-prefs/local/user-prefs.conf [general] appOrder = search,lookup_editor
... View more
12-16-2021
01:07 PM
Try: s3_file_decoder = CloudTrail
... View more
04-19-2021
03:35 PM
_TCP_ROUTING in the default stanza should work, but it didn't work for me either.
... View more
03-25-2021
11:59 AM
One option is to click in the hour glass next to the down arrow. It will open the search on a new window and you can download it from there.
... View more
10-22-2020
01:58 PM
1 Karma
sean_auditum, I have had the same issue. I wanted to redirect WinEventLog:Setup and XmlWinEventLog:Security to a different index as the logs were/are coming in main index. I have had a similar stanza as yours except I had "REGEX = ." in transforms.conf to send all logs to a different index. However, WinEventLog:Setup working but XmlWinEventLog:Security is not. Still investigating. I'll provide an update once I resolve this issue.
... View more
08-31-2020
01:15 PM
1 Karma
rsimmons gave a good answer. You can also change that by going to Settings --> Searches, reports and alerts choose the report and go to Advanced Edit display.visualizations.show and change the value to "0"
... View more
