Administrator
/
Splunk_Docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Splunk_Docker/files/splunk-etc/system/default/savedsearches.conf

273 lines
10 KiB
Raw Permalink Blame History

# Version 9.2.2.20240415
# DO NOT EDIT THIS FILE!
# Changes to default files will be lost on update and are difficult to
# manage and support.
#
# Please make any changes to system defaults by overriding them in
# apps or $SPLUNK_HOME/etc/system/local
# (See "Configuration file precedence" in the web documentation).
#
# To override a specific setting, copy the name of the stanza and
# setting to the file where you wish to override it.
#
# This file contains possible attribute/value pairs for saved searches.
#
##############################################################
# default values for fields - UI needs these to build forms #
##############################################################
description =
cron_schedule =
schedule_priority = default
schedule_window = 0
allow_skew = 0
counttype = always
relation =
quantity =
sendresults =
search =
enableSched = 0
max_concurrent = 1
disabled = 0
run_on_startup = 0
run_n_times = 0
displayview =
vsid =
alert_condition =
realtime_schedule = 1
dispatchAs = owner
schedule_as = auto
workload_pool =
defer_scheduled_searchable_idxc = 0
skip_scheduled_realtime_idxc = 0
precalculate_required_fields_for_alerts = 1
is_visible = 1
# all actions are disabled by default
action.email = 0
action.populate_lookup = 0
action.rss = 0
action.script = 0
action.summary_index = 0
action.summary_index.force_realtime_schedule = 0
# set default artifact time to live to 2 x period
dispatch.ttl = 2p
dispatch.buckets = 0
dispatch.max_count = 500000
dispatch.max_time = 0
dispatch.lookups = 1
dispatch.spawn_process = 1
dispatch.reduce_freq = 10
dispatch.allow_partial_results = 1
dispatch.time_format = %FT%T.%Q%:z
dispatch.rt_backfill = 0
dispatch.indexedRealtime =
dispatch.indexedRealtimeOffset =
dispatch.indexedRealtimeMinSpan =
dispatch.rt_maximum_span =
dispatch.sample_ratio = 1
dispatch.earliest_time =
dispatch.latest_time =
dispatch.index_earliest=
dispatch.index_latest=
dispatch.rate_limit_retry = 0
restart_on_searchpeer_add = 1
request.ui_dispatch_app =
request.ui_dispatch_view =
dispatch.auto_cancel = 0
dispatch.auto_pause = 0
# durable search
durable.track_time_type =
durable.lag_time = 0
durable.backfill_type = auto
durable.max_backfill_intervals = 0
# alert throttling/suppression options
alert.suppress =
alert.suppress.period =
alert.suppress.fields =
alert.suppress.group_name =
# alert severity and dashboard expiration times
alert.severity = 3
alert.expires = 24h
alert.digest_mode = 1
alert.track = auto
alert.managedBy =
# auto summarization options
auto_summarize = 0
auto_summarize.command = | summarize override=partial timespan=$auto_summarize.timespan$ max_summary_size=$auto_summarize.max_summary_size$ max_summary_ratio=$auto_summarize.max_summary_ratio$ max_disabled_buckets=$auto_summarize.max_disabled_buckets$ max_time=$auto_summarize.max_time$ [ $search$ ]
auto_summarize.cron_schedule = */10 * * * *
auto_summarize.max_time = 3600
auto_summarize.timespan =
auto_summarize.dispatch.earliest_time =
auto_summarize.dispatch.latest_time =
auto_summarize.dispatch.time_format = %FT%T.%Q%:z
auto_summarize.dispatch.ttl = 60
auto_summarize.suspend_period = 24h
auto_summarize.max_summary_size = 52428800
auto_summarize.max_summary_ratio = 0.1
auto_summarize.max_disabled_buckets = 2
auto_summarize.max_concurrent = 1
auto_summarize.workload_pool =
#******
# Display Formatting Options
#******
# General options
display.general.enablePreview = 1
display.general.type = events
display.general.timeRangePicker.show = 1
display.general.migratedFromViewState = 0
# Event options
display.events.fields = ["host","source","sourcetype"]
display.events.type = list
display.events.rowNumbers = 0
display.events.maxLines = 5
display.events.raw.drilldown = full
display.events.list.drilldown = full
display.events.list.wrap = 1
display.events.table.drilldown = 1
display.events.table.wrap = 1
# Statistics options
display.statistics.rowNumbers = 0
display.statistics.wrap = 1
display.statistics.overlay = none
display.statistics.drilldown = cell
display.statistics.totalsRow = 0
display.statistics.percentagesRow = 0
display.statistics.show = 1
# Visualization options
display.visualizations.trellis.enabled = 0
display.visualizations.trellis.scales.shared = 1
display.visualizations.trellis.size = medium
display.visualizations.trellis.splitBy =
display.visualizations.show = 1
display.visualizations.type = charting
display.visualizations.chartHeight = 300
display.visualizations.charting.chart = column
display.visualizations.charting.chart.stackMode = default
display.visualizations.charting.chart.nullValueMode = gaps
display.visualizations.charting.chart.overlayFields =
display.visualizations.charting.drilldown = all
display.visualizations.charting.chart.style = shiny
display.visualizations.charting.layout.splitSeries = 0
display.visualizations.charting.layout.splitSeries.allowIndependentYRanges = 0
display.visualizations.charting.legend.mode = standard
display.visualizations.charting.legend.placement = right
display.visualizations.charting.legend.labelStyle.overflowMode = ellipsisMiddle
display.visualizations.charting.axisTitleX.text =
display.visualizations.charting.axisTitleY.text =
display.visualizations.charting.axisTitleY2.text =
display.visualizations.charting.axisTitleX.visibility = visible
display.visualizations.charting.axisTitleY.visibility = visible
display.visualizations.charting.axisTitleY2.visibility = visible
display.visualizations.charting.axisX.scale = linear
display.visualizations.charting.axisY.scale = linear
display.visualizations.charting.axisY2.scale = inherit
display.visualizations.charting.axisX.abbreviation = none
display.visualizations.charting.axisY.abbreviation = none
display.visualizations.charting.axisY2.abbreviation = none
display.visualizations.charting.axisLabelsX.majorLabelStyle.overflowMode = ellipsisNone
display.visualizations.charting.axisLabelsX.majorLabelStyle.rotation = 0
display.visualizations.charting.axisLabelsX.majorUnit =
display.visualizations.charting.axisLabelsY.majorUnit =
display.visualizations.charting.axisLabelsY2.majorUnit =
display.visualizations.charting.axisX.minimumNumber =
display.visualizations.charting.axisY.minimumNumber =
display.visualizations.charting.axisY2.minimumNumber =
display.visualizations.charting.axisX.maximumNumber =
display.visualizations.charting.axisY.maximumNumber =
display.visualizations.charting.axisY2.maximumNumber =
display.visualizations.charting.axisY2.enabled = 0
display.visualizations.charting.chart.showDataLabels = none
display.visualizations.charting.chart.sliceCollapsingThreshold = 0.01
display.visualizations.charting.gaugeColors =
display.visualizations.charting.chart.rangeValues =
display.visualizations.charting.chart.bubbleMaximumSize = 50
display.visualizations.charting.chart.bubbleMinimumSize = 10
display.visualizations.charting.chart.bubbleSizeBy = area
display.visualizations.charting.lineWidth = 2
display.visualizations.charting.fieldColors =
display.visualizations.charting.fieldDashStyles =
display.visualizations.custom.drilldown = all
# Custom height is intentionally left blank so that the default value can be
# defined per-visualization in visualizations.conf
display.visualizations.custom.height =
display.visualizations.custom.type =
display.visualizations.singlevalueHeight = 115
display.visualizations.singlevalue.beforeLabel =
display.visualizations.singlevalue.afterLabel =
display.visualizations.singlevalue.underLabel =
display.visualizations.singlevalue.unit =
display.visualizations.singlevalue.unitPosition = after
display.visualizations.singlevalue.drilldown = none
display.visualizations.singlevalue.colorMode = none
display.visualizations.singlevalue.rangeValues = [0,30,70,100]
display.visualizations.singlevalue.rangeColors = ["0x53a051", "0x0877a6", "0xf8be34", "0xf1813f", "0xdc4e41"]
display.visualizations.singlevalue.trendInterval =
display.visualizations.singlevalue.trendColorInterpretation = standard
display.visualizations.singlevalue.showTrendIndicator = 1
display.visualizations.singlevalue.showSparkline = 1
display.visualizations.singlevalue.trendDisplayMode = absolute
display.visualizations.singlevalue.colorBy = value
display.visualizations.singlevalue.useColors = 0
display.visualizations.singlevalue.numberPrecision = 0
display.visualizations.singlevalue.useThousandSeparators = 1
display.visualizations.mapHeight = 400
display.visualizations.mapping.type = marker
display.visualizations.mapping.drilldown = all
display.visualizations.mapping.map.center = (0,0)
display.visualizations.mapping.map.zoom = 2
display.visualizations.mapping.map.scrollZoom = 0
display.visualizations.mapping.map.panning = 1
display.visualizations.mapping.markerLayer.markerOpacity = 0.8
display.visualizations.mapping.markerLayer.markerMinSize = 10
display.visualizations.mapping.markerLayer.markerMaxSize = 50
display.visualizations.mapping.choroplethLayer.colorMode = auto
display.visualizations.mapping.choroplethLayer.maximumColor = 0xaf575a
display.visualizations.mapping.choroplethLayer.minimumColor = 0x62b3b2
display.visualizations.mapping.choroplethLayer.colorBins = 5
display.visualizations.mapping.choroplethLayer.neutralPoint = 0
display.visualizations.mapping.choroplethLayer.shapeOpacity = 0.75
display.visualizations.mapping.choroplethLayer.showBorder = 1
display.visualizations.mapping.legend.placement = bottomright
display.visualizations.mapping.data.maxClusters = 100
display.visualizations.mapping.showTiles = 1
display.visualizations.mapping.tileLayer.tileOpacity = 1
display.visualizations.mapping.tileLayer.url =
display.visualizations.mapping.tileLayer.minZoom = 0
display.visualizations.mapping.tileLayer.maxZoom = 7
# Patterns options
display.page.search.patterns.sensitivity = 0.8
# Page options
display.page.search.mode = smart
display.page.search.tab = events
# Deprecated
display.page.search.timeline.format = compact
display.page.search.timeline.scale = linear
display.page.search.showFields = 1
##################
# Other settings #
##################
embed.enabled = 0
Reference in new issue View Git Blame Copy Permalink

Powered by BW's shoe-string budget.