# Version 9.2.2.20240415
# DO NOT EDIT THIS FILE!
# Changes to default files will be lost on update and are difficult to
# manage and support.
#
# Please make any changes to system defaults by overriding them in
# apps or $SPLUNK_HOME/etc/system/local
# (See "Configuration file precedence" in the web documentation).
#
# To override a specific setting, copy the name of the stanza and
# setting to the file where you wish to override it.
#
# This file contains possible attribute/value pairs for saved searches.
#
# NOTE(review): no stanza header is visible before the first key, so the
# settings below read as file-wide defaults for every saved search.
#
##############################################################
# default values for fields - UI needs these to build forms  #
##############################################################
description =
cron_schedule =
schedule_priority = default
schedule_window = 0
allow_skew = 0
counttype = always
relation =
quantity =
sendresults =
search =
# Scheduling is off by default; a saved search runs on a schedule only when
# an override sets enableSched = 1 and supplies cron_schedule.
enableSched = 0
max_concurrent = 1
disabled = 0
run_on_startup = 0
run_n_times = 0
displayview =
vsid =
alert_condition =
realtime_schedule = 1
# NOTE(review): per the Splunk savedsearches.conf spec, "owner" means a shared
# saved search dispatched by another user runs with the owner's identity and
# role-based access, not the requester's; "user" is the alternative value.
# Review who owns shared searches before relying on this default - confirm
# against the spec for this version.
dispatchAs = owner
schedule_as = auto
workload_pool =
defer_scheduled_searchable_idxc = 0
skip_scheduled_realtime_idxc = 0
precalculate_required_fields_for_alerts = 1
is_visible = 1
# all actions are disabled by default
# NOTE(review): going by the key names, an override that sets one of these to
# 1 gives the search a side effect (mail, lookup write, script execution,
# summary-index write). Audit app-level and local overrides of these keys.
action.email = 0
action.populate_lookup = 0
action.rss = 0
action.script = 0
action.summary_index = 0
action.summary_index.force_realtime_schedule = 0
# set default artifact time to live to 2 x period
# NOTE(review): search artifacts presumably hold result data, so a longer ttl
# keeps results on disk longer - confirm retention needs before raising it.
dispatch.ttl = 2p
dispatch.buckets = 0
dispatch.max_count = 500000
# NOTE(review): 0 presumably means "no time limit" - confirm against the spec
# before treating this as a resource bound.
dispatch.max_time = 0
dispatch.lookups = 1
dispatch.spawn_process = 1
dispatch.reduce_freq = 10
dispatch.allow_partial_results = 1
dispatch.time_format = %FT%T.%Q%:z
dispatch.rt_backfill = 0
dispatch.indexedRealtime =
dispatch.indexedRealtimeOffset =
dispatch.indexedRealtimeMinSpan =
dispatch.rt_maximum_span =
dispatch.sample_ratio = 1
# Empty time bounds: no default search window is set here.
dispatch.earliest_time =
dispatch.latest_time =
dispatch.index_earliest=
dispatch.index_latest=
dispatch.rate_limit_retry = 0
restart_on_searchpeer_add = 1
request.ui_dispatch_app =
request.ui_dispatch_view =
dispatch.auto_cancel = 0
dispatch.auto_pause = 0
# durable search
durable.track_time_type =
durable.lag_time = 0
durable.backfill_type = auto
durable.max_backfill_intervals = 0
# alert throttling/suppression options
# All four are empty, so no throttling is configured by default.
# NOTE(review): when an override enables suppression for a detection, scope
# alert.suppress.fields so that repeat alerts for one entity do not hide
# alerts for a different one - confirm field semantics against the spec.
alert.suppress =
alert.suppress.period =
alert.suppress.fields =
alert.suppress.group_name =
# alert severity and dashboard expiration times
# NOTE(review): severity is a single default for every alert; searches that
# need a different level must set it themselves. alert.expires bounds how
# long a triggered-alert record is kept (24h here), so it is presumably not a
# long-term audit trail - confirm.
alert.severity = 3
alert.expires = 24h
alert.digest_mode = 1
alert.track = auto
alert.managedBy =
# auto summarization options
auto_summarize = 0
# The $...$ tokens in the command name the auto_summarize.* settings below,
# and [ $search$ ] places the saved search's own search string in a
# subsearch; substitution is presumably done by Splunk at dispatch time.
auto_summarize.command = | summarize override=partial timespan=$auto_summarize.timespan$ max_summary_size=$auto_summarize.max_summary_size$ max_summary_ratio=$auto_summarize.max_summary_ratio$ max_disabled_buckets=$auto_summarize.max_disabled_buckets$ max_time=$auto_summarize.max_time$ [ $search$ ]
# cron expression: every 10 minutes
auto_summarize.cron_schedule = */10 * * * *
auto_summarize.max_time = 3600
auto_summarize.timespan =
auto_summarize.dispatch.earliest_time =
auto_summarize.dispatch.latest_time =
auto_summarize.dispatch.time_format = %FT%T.%Q%:z
auto_summarize.dispatch.ttl = 60
auto_summarize.suspend_period = 24h
# 52428800 = 50 * 1024 * 1024; presumably bytes - confirm.
auto_summarize.max_summary_size = 52428800
auto_summarize.max_summary_ratio = 0.1
auto_summarize.max_disabled_buckets = 2
auto_summarize.max_concurrent = 1
auto_summarize.workload_pool =
#******
# Display Formatting Options
#******
# General options
display.general.enablePreview = 1
display.general.type = events
display.general.timeRangePicker.show = 1
display.general.migratedFromViewState = 0
# Event options
# The value is a JSON-style array of field names.
display.events.fields = ["host","source","sourcetype"]
display.events.type = list
display.events.rowNumbers = 0
display.events.maxLines = 5
display.events.raw.drilldown = full
display.events.list.drilldown = full
display.events.list.wrap = 1
display.events.table.drilldown = 1
display.events.table.wrap = 1
# Statistics options
display.statistics.rowNumbers = 0
display.statistics.wrap = 1
display.statistics.overlay = none
# Statistics table defaults (display.statistics.*).
display.statistics.drilldown = cell
display.statistics.totalsRow = 0
display.statistics.percentagesRow = 0
display.statistics.show = 1
# Visualization options
# Going by the key names these are presentation defaults for the UI; nothing
# in this group selects data or grants access.
display.visualizations.trellis.enabled = 0
display.visualizations.trellis.scales.shared = 1
display.visualizations.trellis.size = medium
display.visualizations.trellis.splitBy =
display.visualizations.show = 1
display.visualizations.type = charting
display.visualizations.chartHeight = 300
display.visualizations.charting.chart = column
display.visualizations.charting.chart.stackMode = default
display.visualizations.charting.chart.nullValueMode = gaps
display.visualizations.charting.chart.overlayFields =
display.visualizations.charting.drilldown = all
display.visualizations.charting.chart.style = shiny
display.visualizations.charting.layout.splitSeries = 0
display.visualizations.charting.layout.splitSeries.allowIndependentYRanges = 0
display.visualizations.charting.legend.mode = standard
display.visualizations.charting.legend.placement = right
display.visualizations.charting.legend.labelStyle.overflowMode = ellipsisMiddle
# Axis titles are empty by default; visibility is set separately below.
display.visualizations.charting.axisTitleX.text =
display.visualizations.charting.axisTitleY.text =
display.visualizations.charting.axisTitleY2.text =
display.visualizations.charting.axisTitleX.visibility = visible
display.visualizations.charting.axisTitleY.visibility = visible
display.visualizations.charting.axisTitleY2.visibility = visible
display.visualizations.charting.axisX.scale = linear
display.visualizations.charting.axisY.scale = linear
display.visualizations.charting.axisY2.scale = inherit
display.visualizations.charting.axisX.abbreviation = none
display.visualizations.charting.axisY.abbreviation = none
display.visualizations.charting.axisY2.abbreviation = none
display.visualizations.charting.axisLabelsX.majorLabelStyle.overflowMode = ellipsisNone
display.visualizations.charting.axisLabelsX.majorLabelStyle.rotation = 0
display.visualizations.charting.axisLabelsX.majorUnit =
# Chart axis defaults: label unit and numeric range are left empty for the
# X, Y and Y2 axes.
display.visualizations.charting.axisLabelsY.majorUnit =
display.visualizations.charting.axisLabelsY2.majorUnit =
display.visualizations.charting.axisX.minimumNumber =
display.visualizations.charting.axisY.minimumNumber =
display.visualizations.charting.axisY2.minimumNumber =
display.visualizations.charting.axisX.maximumNumber =
display.visualizations.charting.axisY.maximumNumber =
display.visualizations.charting.axisY2.maximumNumber =
display.visualizations.charting.axisY2.enabled = 0
display.visualizations.charting.chart.showDataLabels = none
display.visualizations.charting.chart.sliceCollapsingThreshold = 0.01
display.visualizations.charting.gaugeColors =
display.visualizations.charting.chart.rangeValues =
display.visualizations.charting.chart.bubbleMaximumSize = 50
display.visualizations.charting.chart.bubbleMinimumSize = 10
display.visualizations.charting.chart.bubbleSizeBy = area
display.visualizations.charting.lineWidth = 2
display.visualizations.charting.fieldColors =
display.visualizations.charting.fieldDashStyles =
display.visualizations.custom.drilldown = all
# Custom height is intentionally left blank so that the default value can be
# defined per-visualization in visualizations.conf
display.visualizations.custom.height =
display.visualizations.custom.type =
# Single-value visualization defaults.
display.visualizations.singlevalueHeight = 115
display.visualizations.singlevalue.beforeLabel =
display.visualizations.singlevalue.afterLabel =
display.visualizations.singlevalue.underLabel =
display.visualizations.singlevalue.unit =
display.visualizations.singlevalue.unitPosition = after
display.visualizations.singlevalue.drilldown = none
display.visualizations.singlevalue.colorMode = none
# Four boundary values and five colours; presumably the boundaries split the
# value range into five bands, one colour each - confirm.
display.visualizations.singlevalue.rangeValues = [0,30,70,100]
display.visualizations.singlevalue.rangeColors = ["0x53a051", "0x0877a6", "0xf8be34", "0xf1813f", "0xdc4e41"]
display.visualizations.singlevalue.trendInterval =
display.visualizations.singlevalue.trendColorInterpretation = standard
# Single-value visualization defaults (display.visualizations.singlevalue.*).
display.visualizations.singlevalue.showTrendIndicator = 1
display.visualizations.singlevalue.showSparkline = 1
display.visualizations.singlevalue.trendDisplayMode = absolute
display.visualizations.singlevalue.colorBy = value
display.visualizations.singlevalue.useColors = 0
display.visualizations.singlevalue.numberPrecision = 0
display.visualizations.singlevalue.useThousandSeparators = 1
# Map visualization defaults.
display.visualizations.mapHeight = 400
display.visualizations.mapping.type = marker
display.visualizations.mapping.drilldown = all
display.visualizations.mapping.map.center = (0,0)
display.visualizations.mapping.map.zoom = 2
display.visualizations.mapping.map.scrollZoom = 0
display.visualizations.mapping.map.panning = 1
display.visualizations.mapping.markerLayer.markerOpacity = 0.8
display.visualizations.mapping.markerLayer.markerMinSize = 10
display.visualizations.mapping.markerLayer.markerMaxSize = 50
display.visualizations.mapping.choroplethLayer.colorMode = auto
display.visualizations.mapping.choroplethLayer.maximumColor = 0xaf575a
display.visualizations.mapping.choroplethLayer.minimumColor = 0x62b3b2
display.visualizations.mapping.choroplethLayer.colorBins = 5
display.visualizations.mapping.choroplethLayer.neutralPoint = 0
display.visualizations.mapping.choroplethLayer.shapeOpacity = 0.75
display.visualizations.mapping.choroplethLayer.showBorder = 1
display.visualizations.mapping.legend.placement = bottomright
display.visualizations.mapping.data.maxClusters = 100
display.visualizations.mapping.showTiles = 1
display.visualizations.mapping.tileLayer.tileOpacity = 1
# No tile URL is set by default.
# NOTE(review): an override that points this at an external host presumably
# makes every viewer's browser request map tiles from that host; prefer a
# tile source the organisation controls or trusts - confirm behaviour.
display.visualizations.mapping.tileLayer.url =
display.visualizations.mapping.tileLayer.minZoom = 0
display.visualizations.mapping.tileLayer.maxZoom = 7
# Patterns options
display.page.search.patterns.sensitivity = 0.8
# Page options
display.page.search.mode = smart
display.page.search.tab = events
# Deprecated
display.page.search.timeline.format = compact
display.page.search.timeline.scale = linear
# Search page default (display.page.search.*).
display.page.search.showFields = 1
##################
# Other settings #
##################
# Report embedding is off by default.
# NOTE(review): per the Splunk savedsearches.conf spec, enabling this shares
# the report's results through a tokenised link that viewers open without
# logging in to Splunk. Treat any override to 1 as publishing those results
# and review it accordingly - confirm against the spec for this version.
embed.enabled = 0