About JohnMurphyAus

patrickvanreck

I agree, but in some cases it makes sense to give a single user the ability to upload logs to a dedicated index (eg. siem detection usecases). I had to give Admin rights to the server, and that was not the way I wanted to set the permissions. Kind Regards Patrick

JohnMurphyAus · ‎02-26-2023

You can add the "indexes_edit" capability to the role. This will allow a user to create and edit indexes.

JohnMurphyAus · ‎01-05-2023

Perfect. Thank you!

JohnMurphyAus · ‎01-04-2023

Wow! As simple as that! Thank you! Just to simplify. All I had to do was change my drilldown from this: To this: Now when I select a date column, my time picker changes! Thanks @acharlieh !!

JohnMurphyAus · ‎01-04-2023

This was actually a heck of a lot easier than it seemed. In the results pane, click Format -> Wrap Results = No This is auto saved for future searches. [face palm]

JohnMurphyAus · ‎07-14-2022

12 Years later, still the only solution I have managed to find! Thank you 🙂

JohnMurphyAus · ‎07-14-2022

Splunk now has an "IN" operator. So you can simply add the following to your search: CAR_MAKE IN (BMW, Volkswagon, Ford) If your search values have spaces, it will need to be wrapped in quotations. E.g: CAR_MAKE IN (BMW, Volkswagon, "Mercedes Benz", Ford) I know its late, but hopefully it can help people looking for it now. Also, you may want to correct the spelling of Volkswagen 🙂

Posts	13
Solutions	2
Karma Given	12
Karma Received	0
Member Since	‎10-03-2021

Online Status	Offline
Date Last Visited	2 weeks ago

Why does time picker display not changing when the...

How to disable word wrap in custom apps table sear...

Re: User is not allowed to modify the job error

Re: How would I design a role that only gives the ...

Re: How do I change the span based on the time pic...

Re: Time Picker display not changing when the $tok...

Re: Disable word wrap in custom apps table search

Re: Can't get past subsearch limit

Re: Whats the splunk equivalent of SQL IN clause