Solved: Splunk for k8s - please review savedsearches.conf ...

guilmxm · ‎06-07-2018

Hello,

Reviewing the new Splunk for k8s addon, you could please review the savedsearches.conf and add a minimal default earliest and latest timerange to the searches ?

For example:

dispatch.earliest_time = -24h
dispatch.latest_time = now

Currently the searches will run over All time by default since only the search definition exist on a per stanza statement.
That is not good practices for customers.

Kind regards,

Guilhem

mattymo · ‎06-07-2018

Hey Guilmxm!

Thanks for pointing this out. I provided the same feedback and am working with the team to clean up :).

Will report back once it is done. Also feel free to provide any other feedback you might have!

Matt

- MattyMo

View solution in original post

mattymo · ‎06-07-2018

Hey Guilmxm!

Thanks for pointing this out. I provided the same feedback and am working with the team to clean up :).

Will report back once it is done. Also feel free to provide any other feedback you might have!

Matt

- MattyMo

Splunk for k8s - please review savedsearches.conf and add default time range constraints

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor