Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do we permanently move some interesting fields to selected fields in a clustered environment ?

splunker969
Communicator
‎03-26-2018 01:34 PM

Hi,

When I am trying to move some interesting fields to selected fields after I log out and log back in, the fields are moving back to interesting fields. Is there any chance that we can keep them permanently?
Please help.

Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-27-2018 12:24 AM

Hi splunker969,
what do you mean with "move", are you speaking of a regex or a calculated field or an alias?

If this is your situation:

  • if you're speaking of a field extraction by regex, you can save field extraction and share it;
  • if you're speaking of an alias or a calculated field you can record and share it.

Bye.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-27-2018 12:24 AM

Hi splunker969,
what do you mean with "move", are you speaking of a regex or a calculated field or an alias?

If this is your situation:

  • if you're speaking of a field extraction by regex, you can save field extraction and share it;
  • if you're speaking of an alias or a calculated field you can record and share it.

Bye.
Giuseppe

Reply
Solved! Jump to solution

splunker969
Communicator
‎03-27-2018 06:08 AM

Hi Cusello ,

Thanks for answer.Actually when i search for "source type=test "I want some fields in interesting fields always show up in selected fields even if any user should see them only in selected fields means appear in selected fields any suggestions please .

Thanks,
splunker969.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎03-27-2018 06:30 AM

Selected fields is a user configuration, that you can find in
$SPLUNK_HOME/splunk/etc/users//user-prefs/local/ui-prefs.conf
and that's possible to modify by interface.
You can set a default user-prefs.conf that can be modified by users

the option is 

display.events.fields = ["host","source","sourcetype"]

For additional information see https://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Ui-prefsconf

Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

splunker969
Communicator
‎03-27-2018 06:53 AM

Thanks cusello

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...