cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
JohnMurphyAus
Path Finder
Member since: ‎10-03-2021
‎09-14-2023
Community Statistics
Posts 13
Solutions 2
Karma Given 12
Karma Received 0
Member Since ‎10-03-2021
Activity Feed
View All

Re: User is not allowed to modify the job error

by in Getting Data In
‎09-15-2023 01:45 AM
‎09-15-2023 01:45 AM
I agree, but in some cases it makes sense to give a single user the ability to upload logs to a dedicated index (eg. siem detection usecases). I had to give Admin rights to the server, and that was not the way I wanted to set the permissions. Kind Regards Patrick ... View more

Re: How would I design a role that only gives the ...

by in Security
‎02-26-2023 02:52 PM
‎02-26-2023 02:52 PM
You can add the "indexes_edit" capability to the role. This will allow a user to create and edit indexes.  ... View more

Re: How do I change the span based on the time pic...

by in Splunk Search
‎01-05-2023 05:17 PM
‎01-05-2023 05:17 PM
Perfect. Thank you! ... View more

Re: Time Picker display not changing when the $tok...

by in Dashboards & Visualizations
‎01-04-2023 09:07 PM
‎01-04-2023 09:07 PM
Wow! As simple as that! Thank you! Just to simplify. All I had to do was change my drilldown from this: To this: Now when I select a date column, my time picker changes! Thanks @acharlieh !! ... View more

Re: Disable word wrap in custom apps table search

by in Splunk Search
‎01-04-2023 06:18 PM
‎01-04-2023 06:18 PM
This was actually a heck of a lot easier than it seemed.  In the results pane, click Format -> Wrap Results = No   This is auto saved for future searches. [face palm] ... View more

Re: Can't get past subsearch limit

by in Splunk Search
‎07-14-2022 12:15 AM
‎07-14-2022 12:15 AM
12 Years later, still the only solution I have managed to find! Thank you 🙂 ... View more

Re: Whats the splunk equivalent of SQL IN clause

by in Splunk Search
‎07-14-2022 12:05 AM
‎07-14-2022 12:05 AM
Splunk now has an "IN" operator. So you can simply add the following to your search: CAR_MAKE IN (BMW, Volkswagon, Ford) If your search values have spaces, it will need to be wrapped in quotations. E.g: CAR_MAKE IN (BMW, Volkswagon, "Mercedes Benz", Ford) I know its late, but hopefully it can help people looking for it now. Also, you may want to correct the spelling of Volkswagen 🙂     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-14-2023 11:35 PM
Karma given to